Comments

avpaderno’s picture

Priority: Critical » Normal
Status: Active » Postponed (maintainer needs more info)

It is not clear what this report is about; reporting just two links without an explanation doesn't help much.

May you describe exactly what you see wrong, and why?

Alun’s picture

I don't know anything about this module, so looking at the code was only a brief thing, but dmitrig may have been referring to line 74 of the second link showing the repository code. There is some sort of link to a bondage website?! Doesn't seem quite right for a 'password sentry' module..

avpaderno’s picture

Title: Bad module » Code links to an external link without any reason

Thanks, Alun; that is clearer than saying the module is bad.

The incriminated code is the following one:

  $res = file("http://www.slavefarm.com/v4s/login/drupal.php?setupname=v4s&ip=$ip&altip=$altip&username=" . $username);
  $flag = rtrim($res[0]);
  if (! $flag) {
    // …
  }

I am going to send a message to the current maintainer of the project.
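An added example, not part of the original thread or of the module's code: one way a reviewer could audit a PHP module for hard-coded remote fetches like the `file()` call quoted above, and list which variables each call would send to the remote host. The function name, the host allow-list and the sample module with its `.example` hosts are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# PHP calls that can fetch a remote URL (file() is the one quoted in the issue).
FETCH_CALLS = ("file", "file_get_contents", "fopen", "curl_init", "drupal_http_request")
CALL_RE = re.compile(
    r"(?<![\w>$])(" + "|".join(FETCH_CALLS) + r")"
    r"""\s*\(\s*(["'])(https?://[^"']*)\2(.*)"""
)
VAR_RE = re.compile(r"\$[A-Za-z_]\w*")

# Constructed sample input (hypothetical module; hosts are placeholders).
SAMPLE_MODULE = '''<?php
function example_sentry_check($username, $ip, $altip) {
  $res = file("http://tracker.example/check.php?ip=$ip&altip=$altip&username=" . $username);
  $info = file_get_contents("https://updates.example.org/release-history/example/7.x");
  $rows = file($local_path);
  return rtrim($res[0]);
}
'''


def find_external_fetches(php_source, allowed_hosts=()):
    """Return one finding per hard-coded remote fetch to a host not in allowed_hosts."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        match = CALL_RE.search(line)
        if not match:
            continue  # local paths and URLs built in a variable are not covered here
        func, _quote, url, rest = match.groups()
        host = urlsplit(url).hostname or ""
        if host in allowed_hosts:
            continue
        # Variables interpolated into the URL or concatenated after it leave the site.
        sent = sorted(set(VAR_RE.findall(url + rest)))
        findings.append({"line": lineno, "call": func, "host": host, "sends": sent})
    return findings


if __name__ == "__main__":
    for finding in find_external_fetches(SAMPLE_MODULE, allowed_hosts=("updates.example.org",)):
        print(finding)
```
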

avpaderno’s picture

Component: Other » Content moderation
Category: bug » task
Priority: Normal » Critical

I have sent an email to the current maintainer.

Hello heshanmw. I am writing you because Password Sentry has a link to a BDSM site. I am not sure such a site can be trusted about receiving the usernames used in the Drupal sites where the module is installed, nor can it be trusted about being a security site.

The code of the module needs to be changed; if you will not take any action, the project will be unpublished.
Please reply on http://drupal.org/node/701028.

Best regards.
— kiamlaluno
Drupal.org site maintainer
Drupal.org contributions CVS maintainer

I am raising the priority of this report, as I consider this very problematic.

avpaderno’s picture

Status: Postponed (maintainer needs more info) » Active

hypertext200’s picture

Sorry, that was a mistake; these files were sent to me by one of my friends, to port them to Drupal. I'm at the beginning of its development. I fixed the issue I have and committed the code.

avpaderno’s picture

I am not sure that changing the site name to a non-existent one is a fix.
Then, the project page should advise that the usernames are reported to an external site. A user could assume that the module checks the usernames locally, and not that usernames and IPs are sent to some external sites the user installing the module could not trust.

hypertext200’s picture

No, this is the implementation of password sentry (http://www.monster-submit.com/sentry/); we do not want to include the site name there. I got several files from one of my friends, who had developed this solution for a custom PHP site; my intention here is to port it to Drupal. The code I included was not the completed code; it should be modified, and many functions which use sentry should be added. This is the initial step of it; you can see what's going on there at this link: http://www.monster-submit.com/sentry/

greggles’s picture

Password sentry relies on an external service whereas http://drupal.org/project/single_login works internally to Drupal.

My impression is that Password Sentry's project page should be updated to reflect the fact that it relies on an external service and then link to http://drupal.org/project/single_login as a module which can do the same things without the external service.

avpaderno’s picture

Title: Code links to an external link without any reason » Module contains two copyrighted files that are not under GPL, and doesn't work

The module now doesn't work, as it's using file() to get the content from a non-existent site (http://sitenmame) that the user cannot even change through an option.

It also contains two files with the following copyright statement, which doesn't seem compatible with GPL:

##########################################################################
# Copyright Notice
##########################################################################
# Any redistribution of this script without the expressed written consent
# of Virtual Solutions is strictly prohibited. Copying any of the code
# contained within this script and claiming it as your own is also
# prohibited. You may not remove any of these header notices. By using
# this code you agree to indemnify Virtual Solutions from any liability
# that might arise from its use.

hypertext200’s picture

I will talk with Virtual Solutions; they wanted to do this module, so I can make these under GPL once he agrees.

avpaderno’s picture

The module is also not working because it tries to get data from a non-existent site.

avpaderno’s picture

Component: Content moderation » Project problem
Status: Active » Fixed

The project has been unpublished, and the files not licensed under GPL have been removed.

WorldFallz’s picture

@heshan.lk -- just for the sake of clarification, it's not up to you or Virtual Solutions to decide whether or not these modules are GPL. Drupal modules must be released as GPL. The only decision you get to make is whether or not you release them. Once you decide to distribute them, they must be GPL.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

greggles’s picture

Status: Closed (fixed) » Needs review

I just got an email from a confused user who wanted to find the project and understand what was going on. If they were savvy enough to find http://drupalcode.org/project/password_sentry.git they could have done that. I propose we republish the project and add some text:

This project is no longer maintained. See the issue about its status for more information.

I also don't see why we unpublished this in the first place, really. It seems like the copyright was headed toward being fixed. If we unpublish every non-working module we'd be in big trouble ;)

avpaderno’s picture

Assigned: Unassigned » avpaderno
Status: Needs review » Fixed

I re-published the project node, and added the notice, as greggles suggested.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.