Store last login address as plain text

Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.

Fixes FS#48557.

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>

3 files changed, 8 insertions, 3 deletions

diff --git a/schema/aur-schema.sql b/schema/aur-schema.sql
index 1a141c1..aa5ed9d 100644
--- a/schema/aur-schema.sql
+++ b/schema/aur-schema.sql
@@ -35,7 +35,7 @@ CREATE TABLE Users (
 	IRCNick VARCHAR(32) NOT NULL DEFAULT '',
 	PGPKey VARCHAR(40) NULL DEFAULT NULL,
 	LastLogin BIGINT UNSIGNED NOT NULL DEFAULT 0,
-	LastLoginIPAddress INTEGER UNSIGNED NOT NULL DEFAULT 0,
+	LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL,
 	InactivityTS BIGINT UNSIGNED NOT NULL DEFAULT 0,
 	RegistrationTS TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
 	CommentNotify TINYINT(1) NOT NULL DEFAULT 1,
diff --git a/upgrading/4.2.1.txt b/upgrading/4.2.1.txt
new file mode 100644
index 0000000..83c8d46
--- /dev/null
+++ b/upgrading/4.2.1.txt
@@ -0,0 +1,5 @@
+1. Convert the LastLoginIPAddress column to VARCHAR(40):
+
+----
+ALTER TABLE Users MODIFY LastLoginIPAddress VARCHAR(40) NULL DEFAULT NULL;
+----
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index b39420f..2d70f65 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -554,8 +554,8 @@ function try_login() {
 	}
 
 	$q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
-	$q.= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
-	$q.= "WHERE ID = '$userID'";
+	$q.= "LastLoginIPAddress = " . $dbh->quote($_SERVER['REMOTE_ADDR']) . " ";
+	$q.= "WHERE ID = $userID";
 	$dbh->exec($q);
 
 	/* Set the SID cookie. */