From 2b22c65aae9bbb3aa43dd5e4d8a813ab60ae3b0f Mon Sep 17 00:00:00 2001
From: "bbaetz%student.usyd.edu.au" <>
Date: Sat, 16 Mar 2002 14:03:09 +0000
Subject: Bug 129466 - use IP addr (not hostname) in logincookies table r=gerv,
 justdave

---
 CGI.pl        | 12 +++---------
 checksetup.pl | 14 ++++++++++++--
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/CGI.pl b/CGI.pl
index 76c53627d..e100c69f3 100644
--- a/CGI.pl
+++ b/CGI.pl
@@ -695,15 +695,12 @@ sub quietly_check_login() {
     if (defined $::COOKIE{"Bugzilla_login"} &&
         defined $::COOKIE{"Bugzilla_logincookie"}) {
         ConnectToDatabase();
-        if (!defined $ENV{'REMOTE_HOST'}) {
-            $ENV{'REMOTE_HOST'} = $ENV{'REMOTE_ADDR'};
-        }
         SendSQL("SELECT profiles.userid, profiles.groupset, " .
                 "profiles.login_name, " .
                 "profiles.login_name = " .
                 SqlQuote($::COOKIE{"Bugzilla_login"}) .
-                " AND logincookies.hostname = " .
-                SqlQuote($ENV{"REMOTE_HOST"}) .
+                " AND logincookies.ipaddr = " .
+                SqlQuote($ENV{"REMOTE_ADDR"}) .
                 ", profiles.disabledtext " .
                 " FROM profiles, logincookies WHERE logincookies.cookie = " .
                 SqlQuote($::COOKIE{"Bugzilla_logincookie"}) .
@@ -988,10 +985,7 @@ sub confirm_login {
      # the cookies.
      if($enteredlogin ne "") {
        $::COOKIE{"Bugzilla_login"} = $enteredlogin;
-       if (!defined $ENV{'REMOTE_HOST'}) {
-         $ENV{'REMOTE_HOST'} = $ENV{'REMOTE_ADDR'};
-       }
-       SendSQL("insert into logincookies (userid,hostname) values (@{[DBNameToIdAndCheck($enteredlogin)]}, @{[SqlQuote($ENV{'REMOTE_HOST'})]})");
+       SendSQL("insert into logincookies (userid,ipaddr) values (@{[DBNameToIdAndCheck($enteredlogin)]}, @{[SqlQuote($ENV{'REMOTE_ADDR'})]})");
        SendSQL("select LAST_INSERT_ID()");
        my $logincookie = FetchOneColumn();
 
diff --git a/checksetup.pl b/checksetup.pl
index ab8b723fa..ba5d1e087 100755
--- a/checksetup.pl
+++ b/checksetup.pl
@@ -1155,11 +1155,10 @@ $table{groups} =
     unique(bit),
     unique(name)';
 
-
 $table{logincookies} =
    'cookie mediumint not null auto_increment primary key,
     userid mediumint not null,
-    hostname varchar(128),
+    ipaddr varchar(40) NOT NULL,
     lastused timestamp,
 
     index(lastused)';
@@ -2706,6 +2705,17 @@ if (GetFieldDef("bugs","qacontact_accessible")) {
     DropField("bugs", "assignee_accessible");
 }
 
+# 2002-03-15 bbaetz@student.usyd.edu.au - bug 129466
+# Use the ip, not the hostname, in the logincookies table
+if (GetFieldDef("logincookies", "hostname")) {
+    # We've changed what we match against, so all entries are now invalid
+    $dbh->do("DELETE FROM logincookies");
+
+    # Now update the logincookies schema
+    DropField("logincookies", "hostname");
+    AddField("logincookies", "ipaddr", "varchar(40) NOT NULL");
+}
+
 # If you had to change the --TABLE-- definition in any way, then add your
 # differential change code *** A B O V E *** this comment.
 #
-- 
cgit v1.2.3-24-g4f1b