From 15f2dc914fe043b2ae4339c21be0bd27a1d34320 Mon Sep 17 00:00:00 2001
From: Mike Little <mikelittle@git.wordpress.org>
Date: Sat, 20 Sep 2003 00:03:21 +0000
Subject: [PATCH] Comments should not visible on password protected post until
 password entered.

git-svn-id: https://develop.svn.wordpress.org/trunk@374 602fd350-edb4-49c9-b593-d223f7449a82
---
 b2-include/b2template.functions.php | 41 +++++++++++++++++------------
 b2comments.php                      |  7 +++++
 2 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/b2-include/b2template.functions.php b/b2-include/b2template.functions.php
index 43dcccbd14..633646520e 100644
--- a/b2-include/b2template.functions.php
+++ b/b2-include/b2template.functions.php
@@ -1157,29 +1157,36 @@ function comments_popup_script($width=400, $height=400, $file='b2commentspopup.p
 }
 
 function comments_popup_link($zero='No Comments', $one='1 Comment', $more='% Comments', $CSSclass='', $none='Comments Off') {
-	global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments;
+	global $id, $b2commentspopupfile, $b2commentsjavascript, $post, $wpdb, $tablecomments, $HTTP_COOKIE_VARS;
 	global $querystring_start, $querystring_equal, $querystring_separator, $siteurl;
 	$number = $wpdb->get_var("SELECT COUNT(*) FROM $tablecomments WHERE comment_post_ID = $id");
 	if (0 == $number && 'closed' == $post->comment_status) {
 		echo $none;
 		return;
 	} else {
-		echo "<a href=\"$siteurl/";
-		if ($b2commentsjavascript) {
-			echo $b2commentspopupfile.$querystring_start.'p'.$querystring_equal.$id.$querystring_separator.'c'.$querystring_equal.'1';
-			echo '" onclick="b2open(this.href); return false"';
-		} else {
-			// if comments_popup_script() is not in the template, display simple comment link
-			comments_link();
-			echo '"';
-		}
-		if (!empty($CSSclass)) {
-			echo ' class="'.$CSSclass.'"';
-		}
-		echo '>';
-		comments_number($zero, $one, $more);
-		echo '</a>';
-	}
+        if (!empty($post->post_password)) { // if there's a password
+            if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+                echo("Enter your password to view comments");
+                return;
+            }
+        }
+        echo "<a href=\"$siteurl/";
+        if ($b2commentsjavascript) {
+            echo $b2commentspopupfile.$querystring_start.'p'.$querystring_equal.$id.$querystring_separator.'c'.$querystring_equal.'1';
+            echo '" onclick="b2open(this.href); return false"';
+        } else {
+            // if comments_popup_script() is not in the template, display simple comment link
+            comments_link();
+            echo '"';
+        }
+        if (!empty($CSSclass)) {
+            echo ' class="'.$CSSclass.'"';
+        }
+        echo '>';
+        comments_number($zero, $one, $more);
+        echo '</a>';
+    }
+	
 }
 
 function comment_ID() {
diff --git a/b2comments.php b/b2comments.php
index 1c223275aa..9481687a64 100644
--- a/b2comments.php
+++ b/b2comments.php
@@ -3,6 +3,13 @@
 		die ('Please do not load this page directly. Thanks!');
 	if (($withcomments) or ($c)) {
 
+        if (!empty($post->post_password)) { // if there's a password
+            if ($HTTP_COOKIE_VARS['wp-postpass'] != $post->post_password) {  // and it doesn't match the cookie
+                echo("Enter your password to view comments");
+                return;
+            }
+        }
+
 		$comment_author = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "name" : $HTTP_COOKIE_VARS["comment_author"];
 		$comment_author_email = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "email" : trim($HTTP_COOKIE_VARS["comment_author_email"]);
 		$comment_author_url = (empty($HTTP_COOKIE_VARS["comment_author"])) ? "url" : trim($HTTP_COOKIE_VARS["comment_author_url"]);