--- url_access.module.orig	2007-12-10 21:04:10.000000000 +0100
+++ url_access.module	2008-03-18 10:30:32.000000000 +0100
@@ -32,12 +32,19 @@ function url_access_init() {
   $url = explode('/', trim(request_uri(), '/'));
   $url[0]= str_replace( '?q=', '', $url[0]);
   
-  if($url[0] == 'protected') {
+  if($url[0] == variable_get('url_access_uri_prefix', 'protected')) {
     $url_uuid = $url[1];
     if($url_uuid == $node_info['uuid']) {
       return;
     }
   }
+	
+	// Display additional message on the access denied page
+	$additional_message = variable_get('url_access_extra_message', '');
+	if (!empty($additional_message)) {
+		drupal_set_message($additional_message);
+	}
+	
   drupal_access_denied();
   exit;
 }
@@ -53,11 +60,11 @@ function url_access_nodeapi(&$node, $op,
       break;
     case 'insert':
       if(!$node->url_access) break;
-      $uuid = _url_access_uuid();
-      path_set_alias('node/' . $node->nid, 'protected/' . $uuid);
+      $uuid = (variable_get('url_access_use_user_password_function')) ? user_password() : _url_access_uuid();
+      path_set_alias('node/' . $node->nid, variable_get('url_access_uri_prefix', 'protected') . '/' . $uuid);
       $query = "INSERT INTO {url_access} VALUES('%d', '%s');";
       db_query($query, $node->nid, $uuid);
-      $url = 'protected/' . $uuid;
+      $url = variable_get('url_access_uri_prefix', 'protected') . '/' . $uuid;
       drupal_set_message(t('Protected URL set to !url', array('!url' => l($url, $url))));
       break;
     case 'load':
@@ -81,7 +88,7 @@ function url_access_nodeapi(&$node, $op,
         $uuid = db_result($result);
         if (!$uuid) break;
         
-        $pid = db_result(db_query("SELECT pid FROM {url_alias} WHERE dst = '%s'", 'protected/' . $uuid));
+        $pid = db_result(db_query("SELECT pid FROM {url_alias} WHERE dst = '%s'", variable_get('url_access_uri_prefix', 'protected') . '/' . $uuid));
         path_admin_delete($pid);
         url_access_nodeapi($node, 'delete', $a3, $a4);
       }
@@ -123,7 +130,7 @@ function url_access_form_alter($form_id,
         '#default_value' => $form['#node']->url_access,
       );
       if ($form['#node']->url_access) {
-        $url = 'protected/' . $form['#node']->url_access;
+        $url = variable_get('url_access_uri_prefix', 'protected') . '/' . $form['#node']->url_access;
         $form['url_access_set']['url_access_path'] = array(
           '#value' => t('The URL Access Path for this node is !url.', array(
             '!url' => l($url, $url)
@@ -136,15 +143,74 @@ function url_access_form_alter($form_id,
   }
 }
 
+/** 
+ * Implementation of hook_menu(). 
+ */ 
+function url_access_menu($may_cache) { 
+  $items = array(); 
+  if ($may_cache) { 
+    $items[] = array( 
+      'path' => 'admin/settings/url_access', 
+      'title' => t('Url Access'), 
+      'description' => t('Change how URIs are created.'), 
+      'callback' => 'drupal_get_form', 
+      'callback arguments' => array('url_access_admin_settings'), 
+      'access' => user_access('administer site configuration') 
+    ); 
+  } 
+  return $items; 
+} 
+
+/**
+ * Define the settings form
+ */
+function url_access_admin_settings() {
+	$form['url_access_use_user_password_function'] = array(
+		'#type' => 'radios',
+		'#title' => t('Choose how to generate the random part of the URI'),
+		'#options' => array(
+			0 => t('UUID() from MySQL greater 4.1.1 for better randomness (37 random characters)'), 
+			1 => t('user_password() from Drupal for easier URL handling (10 random characters)')),
+		'#default_value' => variable_get('url_access_use_user_password_function', 0),
+		'#description' => t('If running MySQL 4.1.1 or lesser the user_password() function will be used regardless of this settings.')
+	);
+
+  $form['url_access_uri_prefix'] = array(
+    '#type' => 'textfield', 
+		'#title' => t('URL Alias prefix for the protected URI'), 
+		'#default_value' => variable_get('url_access_uri_prefix', 'protected'),
+    '#size' => 50,
+		'#maxlength' => 50,
+		'#description' => t('The URL Alias prefix in the resulting URI like <em>protected</em> in <em>http://site/<strong>protected</strong>/XshdEndnd</em>.')
+  );
+
+	$form['url_access_extra_message'] = array(
+    '#type' => 'textarea', 
+		'#title' => t('Additional message for Access Denied page'), 
+		'#default_value' => variable_get('url_access_extra_message', ''),
+    '#size' => 50,
+		'#maxlength' => 255,
+		'#description' => t('Display this additional message on the Access Denied page (as Drupal message).')
+	);
+
+	return system_settings_form($form);
+}
+
 /**
- * Return a UUID generated by the database.
+ * Return a UUID generated by the database or by Drupal's user_password() function.
  *
  * @return
- *   A string containing a 37 character UUID, including dashes.
+ *   A string containing a 37 character UUID, including dashes or a 10 character Drupal password-like string.
  */
 function _url_access_uuid() {
   $query = "SELECT UUID();";
   $result = db_query($query);
+
+	// Fallback to Drupal's user_password() if MySQL's UUID() is not supported (MySQL < 4.1.2)
+	if (FALSE === $result) {
+		return user_password();
+	}
+
   $uuid = db_result($result);
   return $uuid;
 }