[aur-dev] [PATCH] Store last login address as plain text
Directly store the information contained in $_SERVER['REMOTE_ADDR'] instead of using ip2long() which does not support IPv6 addresses. Note that the LastLoginIPAddress field is designed to be used by the administrator on rare occasions only (e.g. to fight spam) and is not displayed anywhere. Fixes FS#48557. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org> --- schema/aur-schema.sql | 2 +- upgrading/4.2.1.txt | 5 +++++ web/lib/acctfuncs.inc.php | 4 ++-- 3 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 upgrading/4.2.1.txt diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql index 1a141c1..aa5ed9d 100644 --- a/schema/aur-schema.sql +++ b/schema/aur-schema.sql @@ -35,7 +35,7 @@ CREATE TABLE Users ( IRCNick VARCHAR(32) NOT NULL DEFAULT '', PGPKey VARCHAR(40) NULL DEFAULT NULL, LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0, - LastLoginIPAddress INTEGER UNSIGNED NOT NULL DEFAULT 0, + LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL, InactivityTS BIGINT UNSIGNED NOT NULL DEFAULT 0, RegistrationTS TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, CommentNotify TINYINT(1) NOT NULL DEFAULT 1, diff --git a/upgrading/4.2.1.txt b/upgrading/4.2.1.txt new file mode 100644 index 0000000..83c8d46 --- /dev/null +++ b/upgrading/4.2.1.txt @@ -0,0 +1,5 @@ +1. Convert the LastLoginIPAddress column to VARCHAR(40): + +---- +ALTER TABLE Users MODIFY LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL; +---- diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php index b39420f..2d70f65 100644 --- a/web/lib/acctfuncs.inc.php +++ b/web/lib/acctfuncs.inc.php @@ -554,8 +554,8 @@ function try_login() { } $q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), "; - $q.= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " "; - $q.= "WHERE ID = '$userID'"; + $q.= "LastLoginIPAddress = " . $dbh->quote($_SERVER['REMOTE_ADDR']) . " "; + $q.= "WHERE ID = $userID"; $dbh->exec($q); /* Set the SID cookie. */ -- 2.7.3
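Review bot: In schema/aur-schema.sql, VARCHAR(40) is sized for the 39-character all-hex IPv6 form only; the mixed notation with a trailing dotted quad (for example 0000:0000:0000:0000:0000:ffff:255.255.255.255) is 45 characters and would not fit. Since the value now comes straight from $_SERVER['REMOTE_ADDR'] with no normalisation, consider VARCHAR(45), and keep the width identical in the ALTER TABLE statement in upgrading/4.2.1.txt.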
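Review bot: The single step in upgrading/4.2.1.txt changes only the column type, so rows written before the upgrade keep the old ip2long() integer, now as a decimal string, and rows that held the old default 0 become '0' rather than the new default NULL. Consider adding a second step that rewrites or clears the existing values, for instance setting rows equal to '0' to NULL and converting the rest with INET_NTOA(), so an administrator does not have to tell old and new formats apart.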
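Review bot: In the try_login() hunk of web/lib/acctfuncs.inc.php, the WHERE clause changes from ID = '$userID' to ID = $userID, which the commit message does not mention and which leaves the query safe only if $userID is guaranteed to be an integer at this point; the visible context does not show where it is set. Either cast it here with intval($userID) or pass it through $dbh->quote() like the address on the line above, and mention the change in the commit message.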
* Lukas Fleischer <lfleischer@archlinux.org> (Sun, 13 Mar 2016 11:49:01 +0100):
- LastLoginIPAddress INTEGER UNSIGNED NOT NULL DEFAULT 0, + LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL,
VARCHAR(40) is too short, I think, see http://stackoverflow.com/q/166132/258127
According to Linux header files, the maximum length of an IPv6 address is 45 characters.
Regards, Marcel
On Mon, 2016-03-14 at 10:12 +0100, Marcel Korpel wrote:
* Lukas Fleischer <lfleischer@archlinux.org> (Sun, 13 Mar 2016 11:49:01 +0100):
- LastLoginIPAddress INTEGER UNSIGNED NOT NULL DEFAULT 0, + LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL,
VARCHAR(40) is too short, I think, see http://stackoverflow.com/q/166132/258127
According to Linux header files, the maximum length of an IPv6 address is 45 characters.
Regards, Marcel
I'm not 100% sure how this actually stores the address, but if it's stored in its hex form, it can only be as large as 39 characters (4*8+7) making 40 characters more than enough.
Mark Weiman
* Mark Weiman <mark.weiman@markzz.com> (Mon, 14 Mar 2016 13:09:09 -0400):
On Mon, 2016-03-14 at 10:12 +0100, Marcel Korpel wrote:
VARCHAR(40) is too short, I think, see http://stackoverflow.com/q/166132/258127
According to Linux header files, the maximum length of an IPv6 address is 45 characters.
I'm not 100% sure how this actually stores the address, but if it's stored in its hex form, it can only be as large as 39 characters (4*8+7) making 40 characters more than enough.
Plain text:
$q.= "LastLoginIPAddress = " . $dbh->quote($_SERVER['REMOTE_ADDR']) . " ";
Anyway, consumer-wise it doesn't matter whether it's a VARCHAR(39) or VARCHAR(48), see https://dev.mysql.com/doc/refman/5.7/en/storage-requirements.html#idm1396904...
Marcel
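The lengths debated in this thread, as an added example that is not part of any message or of the AUR code: it measures constructed sample addresses in the 39-character hex form and the 45-character mixed form against VARCHAR(40), and shows the text PHP's inet_ntop() re-emits after inet_pton(). The helper names canonical_ip() and fits() are hypothetical.

```php
<?php
// Added illustration, not AUR code. canonical_ip() and fits() are hypothetical
// helpers; every address below is a constructed sample.

// Parse an address and re-emit it in the form inet_ntop() produces.
// Returns null when the input is not a valid IPv4/IPv6 literal.
function canonical_ip(string $addr): ?string {
    $packed = @inet_pton($addr);   // false on anything that is not an IP literal
    if ($packed === false) {
        return null;
    }
    $text = inet_ntop($packed);
    return $text === false ? null : $text;
}

// Would $value fit a VARCHAR($width) column without truncation or rejection?
function fits(?string $value, int $width): string {
    if ($value === null) {
        return 'n/a';
    }
    return strlen($value) <= $width ? 'yes' : 'NO';
}

$samples = [
    'IPv4'                   => '203.0.113.7',
    'IPv6, full hex'         => '2001:0db8:0000:0000:0000:0000:0000:0001',
    'IPv6, IPv4-mapped full' => '0000:0000:0000:0000:0000:ffff:255.255.255.255',
    'IPv6, all ones'         => 'ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff',
    'not an address'         => 'not-an-address',
];

printf("%-24s %4s %7s  %s\n", 'form', 'len', 'fits40', 'canonical (len)');
foreach ($samples as $label => $raw) {
    $canon = canonical_ip($raw);
    printf("%-24s %4d %7s  %s\n", $label, strlen($raw), fits($raw, 40),
        $canon === null ? 'rejected' : sprintf('%s (%d)', $canon, strlen($canon)));
}
```

What $_SERVER['REMOTE_ADDR'] actually contains depends on the web server; passing it through a helper like this before the UPDATE keeps the stored text at 39 characters or fewer.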
participants (3): Lukas Fleischer, Marcel Korpel, Mark Weiman