Merge branch 'pr/377' into 1.8

Adds IPv6 support

qa-include/app/format.php

@@ -549,7 +549,7 @@
 		}
 
 		if (@$options['whoview']) {
-			$fields['who']=qa_who_to_html($isbyuser, @$post['userid'], $usershtml, @$options['ipview'] ? @$post['createip'] : null, $microdata, $post['name']);
+			$fields['who']=qa_who_to_html($isbyuser, @$post['userid'], $usershtml, @$options['ipview'] ? @inet_ntop(@$post['createip']) : null, $microdata, $post['name']);
 
 			if (isset($post['points'])) {
 				if (@$options['pointsview'])
@@ -628,7 +628,7 @@
 			}
 
 			if (isset($post['lastuserid']) && @$options['whoview'])
-				$fields['who_2']=qa_who_to_html(isset($userid) && ($post['lastuserid']==$userid), $post['lastuserid'], $usershtml, @$options['ipview'] ? $post['lastip'] : null, false);
+				$fields['who_2']=qa_who_to_html(isset($userid) && ($post['lastuserid']==$userid), $post['lastuserid'], $usershtml, @$options['ipview'] ? @inet_ntop($post['lastip']) : null, false);
 		}
 
 
@@ -890,7 +890,7 @@
 		if (@$options['whoview']) {
 			$isbyuser=qa_post_is_by_user(array('userid' => $question['ouserid'], 'cookieid' => @$question['ocookieid']), $userid, $cookieid);
 
-			$fields['who']=qa_who_to_html($isbyuser, $question['ouserid'], $usershtml, @$options['ipview'] ? @$question['oip'] : null, false, @$question['oname']);
+			$fields['who']=qa_who_to_html($isbyuser, $question['ouserid'], $usershtml, @$options['ipview'] ? @inet_ntop(@$question['oip']) : null, false, @$question['oname']);
 			if (isset($question['opoints'])) {
 				if (@$options['pointsview'])
 					$fields['who']['points']=($question['opoints']==1) ? qa_lang_html_sub_split('main/1_point', '1', '1')

qa-include/app/limits.php

@@ -170,7 +170,7 @@
 	{
 		$blockipstring=preg_replace('/\s*\-\s*/', '-', $blockipstring); // special case for 'x.x.x.x - x.x.x.x'
 
-		return preg_split('/[^0-9\.\-\*]/', $blockipstring, -1, PREG_SPLIT_NO_EMPTY);
+		return preg_split('/[^0-9a-f\.:\-\*]/', $blockipstring, -1, PREG_SPLIT_NO_EMPTY);
 	}
 
 
@@ -179,19 +179,34 @@
 	Returns whether the ip address $ip is matched by the clause $blockipclause, which can contain a hyphen or asterisk
 */
 	{
-		if (long2ip(ip2long($ip))==$ip) {
+		// check if the input parameters use the same IP version
+		if (
+			((strpos($ip, ".")!==false) && (strpos($blockipclause, ".")==false)) ||
+			((strpos($ip, ".")==false) && (strpos($blockipclause, ".")!==false))
+		)
+	       return false;
+
+		if (filter_var($ip, FILTER_VALIDATE_IP)) {
 			if (preg_match('/^(.*)\-(.*)$/', $blockipclause, $matches)) {
-				if ( (long2ip(ip2long($matches[1]))==$matches[1]) && (long2ip(ip2long($matches[2]))==$matches[2]) ) {
-					$iplong=sprintf('%u', ip2long($ip));
-					$end1long=sprintf('%u', ip2long($matches[1]));
-					$end2long=sprintf('%u', ip2long($matches[2]));
-
+				if ( filter_var($matches[1], FILTER_VALIDATE_IP) && filter_var($matches[2], FILTER_VALIDATE_IP) ) {
+					if(filter_var($ip, FILTER_VALIDATE_IP,FILTER_FLAG_IPV6)){
+						$ip=ipv6_expand($ip);
+						$matches[1]=ipv6_expand($matches[1],true);
+						$matches[2]=ipv6_expand($matches[2],true);
+					}
+					$iplong=ipv6_numeric($ip);
+					$end1long=ipv6_numeric($matches[1]);
+					$end2long=ipv6_numeric($matches[2]);
 					return (($iplong>=$end1long) && ($iplong<=$end2long)) || (($iplong>=$end2long) && ($iplong<=$end1long));
 				}
-
-			} elseif (strlen($blockipclause))
-				return preg_match('/^'.str_replace('\\*', '[0-9]+', preg_quote($blockipclause, '/')).'$/', $ip) > 0;
+			} elseif (strlen($blockipclause)){
+				if(filter_var($ip, FILTER_VALIDATE_IP,FILTER_FLAG_IPV6)){
+					$ip=ipv6_expand($ip,true);
+					$blockipclause=ipv6_expand($blockipclause,true);
+				}
+				return preg_match('/^'.str_replace('\\*', '[0-9a-fA-F]+', preg_quote($blockipclause, '/')).'$/', $ip) > 0;
 					// preg_quote misses hyphens but that is OK here
+			}
 		}
 
 		return false;
@@ -226,4 +241,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/admin.php

@@ -159,8 +159,8 @@
 */
 	{
 		return qa_db_read_all_values(qa_db_query_sub(
-			"SELECT postid FROM ^posts WHERE createip=INET_ATON($) AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')",
-			$ip
+			"SELECT postid FROM ^posts WHERE createip=$ AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')",
+			@inet_pton($ip)
 		));
 	}
 
@@ -187,7 +187,7 @@
 */
 	{
 		$results=qa_db_read_all_assoc(qa_db_query_sub(
-			"SELECT ^users.userid, UNIX_TIMESTAMP(created) AS created, INET_NTOA(createip) AS createip, email, handle, flags, title, content FROM ^users LEFT JOIN ^userprofile ON ^users.userid=^userprofile.userid AND LENGTH(content)>0 WHERE level<# AND NOT (flags&#) ORDER BY created DESC LIMIT #",
+			"SELECT ^users.userid, UNIX_TIMESTAMP(created) AS created, createip, email, handle, flags, title, content FROM ^users LEFT JOIN ^userprofile ON ^users.userid=^userprofile.userid AND LENGTH(content)>0 WHERE level<# AND NOT (flags&#) ORDER BY created DESC LIMIT #",
 			QA_USER_LEVEL_APPROVED, QA_USER_FLAGS_USER_BLOCKED, $count
 		));
 

qa-include/db/blobs.php

@@ -40,8 +40,8 @@
 				continue;
 
 			qa_db_query_sub(
-				'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, INET_ATON($), NOW())',
-				$blobid, $format, $content, $sourcefilename, $userid, $cookieid, $ip
+				'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, $, NOW())',
+				$blobid, $format, $content, $sourcefilename, $userid, $cookieid, @inet_pton($ip)
 			);
 
 			return $blobid;
@@ -107,4 +107,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/cookies.php

@@ -39,8 +39,8 @@
 
 			qa_db_query_sub(
 				'INSERT INTO ^cookies (cookieid, created, createip) '.
-					'VALUES (#, NOW(), COALESCE(INET_ATON($), 0))',
-				$cookieid, $ipaddress
+					'VALUES (#, NOW(), $)',
+				$cookieid, @inet_pton($ipaddress)
 			);
 
 			return $cookieid;
@@ -56,8 +56,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^cookies SET written=NOW(), writeip=COALESCE(INET_ATON($), 0) WHERE cookieid=#',
-			$ipaddress, $cookieid
+			'UPDATE ^cookies SET written=NOW(), writeip=$ WHERE cookieid=#',
+			@inet_pton($ipaddress), $cookieid
 		);
 	}
 
@@ -76,4 +76,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/hotness.php

@@ -44,7 +44,7 @@
 				'(a.acount+0.0)*# + '.
 				'(a.netvotes+0.0)*# + '.
 				'(a.views+0.0+#)*#'.
-			')'.($viewincrement ? ', x.views=x.views+1, x.lastviewip=INET_ATON($)' : '').' WHERE x.postid=a.postid';
+			')'.($viewincrement ? ', x.views=x.views+1, x.lastviewip=$' : '').' WHERE x.postid=a.postid';
 
 			//	Additional multiples based on empirical analysis of activity on Q2A meta site to give approx equal influence for all factors
 
@@ -60,7 +60,7 @@
 			);
 
 			if ($viewincrement)
-				$arguments[]=qa_remote_ip_address();
+				$arguments[]=@inet_pton(qa_remote_ip_address());
 
 			 qa_db_query_raw(qa_db_apply_sub($query, $arguments));
 		}
@@ -69,4 +69,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/install.php

@@ -25,7 +25,7 @@
 		exit;
 	}
 
-	define('QA_DB_VERSION_CURRENT', 62);
+	define('QA_DB_VERSION_CURRENT', 63);
 
 
 	function qa_db_user_column_type_verify()
@@ -100,7 +100,7 @@
 			'users' => array(
 				'userid' => $useridcoltype.' NOT NULL AUTO_INCREMENT',
 				'created' => 'DATETIME NOT NULL',
-				'createip' => 'INT UNSIGNED NOT NULL', // INET_ATON of IP address when created
+				'createip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address when created
 				'email' => 'VARCHAR('.QA_DB_MAX_EMAIL_LENGTH.') NOT NULL',
 				'handle' => 'VARCHAR('.QA_DB_MAX_HANDLE_LENGTH.') NOT NULL', // username
 				'avatarblobid' => 'BIGINT UNSIGNED', // blobid of stored avatar
@@ -111,9 +111,9 @@
 				'passhash' => 'VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL', // password_hash
 				'level' => 'TINYINT UNSIGNED NOT NULL', // basic, editor, admin, etc...
 				'loggedin' => 'DATETIME NOT NULL', // time of last login
-				'loginip' => 'INT UNSIGNED NOT NULL', // INET_ATON of IP address of last login
+				'loginip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address of last login
 				'written' => 'DATETIME', // time of last write action done by user
-				'writeip' => 'INT UNSIGNED', // INET_ATON of IP address of last write action done by user
+				'writeip' => 'VARBINARY(16)', // INET_ATON of IP address of last write action done by user
 				'emailcode' => 'CHAR(8) CHARACTER SET ascii NOT NULL DEFAULT \'\'', // for email confirmation or password reset
 				'sessioncode' => 'CHAR(8) CHARACTER SET ascii NOT NULL DEFAULT \'\'', // for comparing against session cookie in browser
 				'sessionsource' => 'VARCHAR (16) CHARACTER SET ascii DEFAULT \'\'', // e.g. facebook, openid, etc...
@@ -227,9 +227,9 @@
 			'cookies' => array(
 				'cookieid' => 'BIGINT UNSIGNED NOT NULL',
 				'created' => 'DATETIME NOT NULL',
-				'createip' => 'INT UNSIGNED NOT NULL', // INET_ATON of IP address when cookie created
+				'createip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address when cookie created
 				'written' => 'DATETIME', // time of last write action done by anon user with cookie
-				'writeip' => 'INT UNSIGNED', // INET_ATON of IP address of last write action done by anon user with cookie
+				'writeip' => 'VARBINARY(16)', // INET_ATON of IP address of last write action done by anon user with cookie
 				'PRIMARY KEY (cookieid)',
 			),
 
@@ -293,13 +293,13 @@
 					// if closed for another reason, that reason should be added as a comment on the question, and this field is the comment's id
 				'userid' => $useridcoltype, // which user wrote it
 				'cookieid' => 'BIGINT UNSIGNED', // which cookie wrote it, if an anonymous post
-				'createip' => 'INT UNSIGNED', // INET_ATON of IP address used to create the post
+				'createip' => 'VARBINARY(16)', // INET_ATON of IP address used to create the post
 				'lastuserid' => $useridcoltype, // which user last modified it
-				'lastip' => 'INT UNSIGNED', // INET_ATON of IP address which last modified the post
+				'lastip' => 'VARBINARY(16)', // INET_ATON of IP address which last modified the post
 				'upvotes' => 'SMALLINT UNSIGNED NOT NULL DEFAULT 0',
 				'downvotes' => 'SMALLINT UNSIGNED NOT NULL DEFAULT 0',
 				'netvotes' => 'SMALLINT NOT NULL DEFAULT 0',
-				'lastviewip' => 'INT UNSIGNED', // INET_ATON of IP address which last viewed the post
+				'lastviewip' => 'VARBINARY(16)', // INET_ATON of IP address which last viewed the post
 				'views' => 'INT UNSIGNED NOT NULL DEFAULT 0',
 				'hotness' => 'FLOAT',
 				'flagcount' => 'TINYINT UNSIGNED NOT NULL DEFAULT 0',
@@ -348,7 +348,7 @@
 				'filename' => 'VARCHAR('.QA_DB_MAX_BLOB_FILE_NAME_LENGTH.')', // name of source file (if appropriate)
 				'userid' => $useridcoltype, // which user created it
 				'cookieid' => 'BIGINT UNSIGNED', // which cookie created it
-				'createip' => 'INT UNSIGNED', // INET_ATON of IP address that created it
+				'createip' => 'VARBINARY(16)', // INET_ATON of IP address that created it
 				'created' => 'DATETIME', // when it was created
 				'PRIMARY KEY (blobid)',
 			),
@@ -449,7 +449,7 @@
 			// most columns in iplimits have the same meaning as those in userlimits
 
 			'iplimits' => array(
-				'ip' => 'INT UNSIGNED NOT NULL', // INET_ATON of IP address
+				'ip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address
 				'action' => 'CHAR(1) CHARACTER SET ascii NOT NULL',
 				'period' => 'INT UNSIGNED NOT NULL',
 				'count' => 'SMALLINT UNSIGNED NOT NULL',
@@ -1465,8 +1465,36 @@
 						// add column to qa_users to handle new bcrypt passwords
 						qa_db_upgrade_query('ALTER TABLE ^users ADD COLUMN passhash ' . $definitions['users']['passhash'] . ' AFTER passcheck');
 						qa_db_upgrade_query($locktablesquery);
-						break;
 					}
+					break;
+
+				case 63:
+					// convert IP addresses to new binary format
+					if (isset($keydbtables[qa_db_add_table_prefix('eventlog')])) {
+						$locktablesquery.=', ^eventlog WRITE';
+						qa_db_upgrade_query($locktablesquery);
+						qa_db_upgrade_query('ALTER TABLE ^eventlog MODIFY ipaddress VARCHAR(45) CHARACTER SET ascii');
+					}
+
+					qa_db_upgrade_query('ALTER TABLE ^cookies MODIFY writeip VARBINARY(16) NULL DEFAULT NULL, MODIFY createip VARBINARY(16) NULL DEFAULT NULL');
+					qa_db_upgrade_query('UPDATE ^cookies SET writeip = UNHEX(HEX(CAST(writeip AS UNSIGNED))), createip = UNHEX(HEX(CAST(createip AS UNSIGNED)))');
+
+					qa_db_upgrade_query('ALTER TABLE ^iplimits MODIFY ip VARBINARY(16) NULL DEFAULT NULL');
+					qa_db_upgrade_query('UPDATE ^iplimits SET ip = UNHEX(HEX(CAST(ip AS UNSIGNED)))');
+
+					qa_db_upgrade_query('ALTER TABLE ^blobs MODIFY createip VARBINARY(16) NULL DEFAULT NULL');
+					qa_db_upgrade_query('UPDATE ^blobs SET createip = UNHEX(HEX(CAST(createip AS UNSIGNED)))');
+
+					qa_db_upgrade_query('ALTER TABLE ^posts MODIFY lastviewip VARBINARY(16) NULL DEFAULT NULL, MODIFY lastip VARBINARY(16) NULL DEFAULT NULL, MODIFY createip VARBINARY(16) NULL DEFAULT NULL');
+					qa_db_upgrade_query('UPDATE ^posts SET lastviewip = UNHEX(HEX(CAST(lastviewip AS UNSIGNED))), lastip = UNHEX(HEX(CAST(lastip AS UNSIGNED))), createip = UNHEX(HEX(CAST(createip AS UNSIGNED)))');
+
+					if (!QA_FINAL_EXTERNAL_USERS) {
+						qa_db_upgrade_query('ALTER TABLE ^users MODIFY createip VARBINARY(16) NULL DEFAULT NULL, MODIFY loginip VARBINARY(16) NULL DEFAULT NULL, MODIFY writeip VARBINARY(16) NULL DEFAULT NULL');
+						qa_db_upgrade_query('UPDATE ^users SET createip = UNHEX(HEX(CAST(createip AS UNSIGNED))), loginip = UNHEX(HEX(CAST(loginip AS UNSIGNED))), writeip = UNHEX(HEX(CAST(writeip AS UNSIGNED)))');
+					}
+
+					qa_db_upgrade_query($locktablesquery);
+					break;
 
 			//	Up to here: Version 1.8 alpha
 			}

qa-include/db/limits.php

@@ -42,8 +42,8 @@
 		}
 
 		if (isset($ip)) {
-			$selects[]="(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=COALESCE(INET_ATON($), 0) AND action=$)";
-			$arguments[]=$ip;
+			$selects[]="(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=$ AND action=$)";
+			$arguments[]=@inet_pton($ip);
 			$arguments[]=$action;
 		}
 
@@ -75,13 +75,13 @@
 */
 	{
 		qa_db_query_sub(
-			'INSERT INTO ^iplimits (ip, action, period, count) VALUES (COALESCE(INET_ATON($), 0), $, #, #) '.
+			'INSERT INTO ^iplimits (ip, action, period, count) VALUES ($, $, #, #) '.
 			'ON DUPLICATE KEY UPDATE count=IF(period=#, count+#, #), period=#',
-			$ip, $action, $period, $count, $period, $count, $count, $period
+			@inet_pton($ip), $action, $period, $count, $period, $count, $count, $period
 		);
 	}
 
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/post-create.php

@@ -33,8 +33,8 @@
 	{
 		qa_db_query_sub(
 			'INSERT INTO ^posts (categoryid, type, parentid, userid, cookieid, createip, title, content, format, tags, notify, name, created) '.
-			'VALUES (#, $, #, $, #, INET_ATON($), $, $, $, $, $, $, NOW())',
-			$categoryid, $type, $parentid, $userid, $cookieid, $ip, $title, $content, $format, $tagstring, $notify, $name
+			'VALUES (#, $, #, $, #, $, $, $, $, $, $, $, NOW())',
+			$categoryid, $type, $parentid, $userid, $cookieid, @inet_pton($ip), $title, $content, $format, $tagstring, $notify, $name
 		);
 
 		return qa_db_last_insert_id();
@@ -410,4 +410,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/post-update.php

@@ -48,8 +48,8 @@
 
 		if (isset($selchildid) && isset($lastuserid) && isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#",
-				QA_UPDATE_SELECTED, $lastuserid, $lastip, $selchildid
+				"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+				QA_UPDATE_SELECTED, $lastuserid, @inet_pton($lastip), $selchildid
 			);
 	}
 
@@ -62,8 +62,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) {
 			qa_db_query_sub(
-				"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#",
-				$closedbyid, QA_UPDATE_CLOSED, $lastuserid, $lastip, $questionid
+				"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+				$closedbyid, QA_UPDATE_CLOSED, $lastuserid, @inet_pton($lastip), $questionid
 			);
 		} else
 			qa_db_query_sub(
@@ -80,8 +80,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) {
 			qa_db_query_sub(
-				'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#',
-				$type, $updatetype, $lastuserid, $lastip, $postid
+				'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
+				$type, $updatetype, $lastuserid, @inet_pton($lastip), $postid
 			);
 		} else
 			qa_db_query_sub(
@@ -98,8 +98,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#",
-				$parentid, QA_UPDATE_PARENT, $lastuserid, $lastip, $postid
+				"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+				$parentid, QA_UPDATE_PARENT, $lastuserid, @inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(
@@ -118,8 +118,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip)) // use COALESCE() for name since $name=null means it should not be modified (for backwards compatibility)
 			qa_db_query_sub(
-				'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#',
-				$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, $lastip, $postid
+				'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
+				$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, @inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(
@@ -148,8 +148,8 @@
 	{
 		if (isset($lastuserid) || isset($lastip))
 			qa_db_query_sub(
-				"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=INET_ATON($) WHERE postid=#",
-				$categoryid, QA_UPDATE_CATEGORY, $lastuserid, $lastip, $postid
+				"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+				$categoryid, QA_UPDATE_CATEGORY, $lastuserid, @inet_pton($lastip), $postid
 			);
 		else
 			qa_db_query_sub(
@@ -363,4 +363,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/selects.php

@@ -166,15 +166,15 @@
 			$selectspec['columns']['updatetype']='^posts.updatetype';
 			$selectspec['columns'][]='^posts.format';
 			$selectspec['columns'][]='^posts.lastuserid';
-			$selectspec['columns']['lastip']='INET_NTOA(^posts.lastip)';
+			$selectspec['columns']['lastip']='^posts.lastip';
 			$selectspec['columns'][]='^posts.parentid';
-			$selectspec['columns']['lastviewip']='INET_NTOA(^posts.lastviewip)';
+			$selectspec['columns']['lastviewip']='^posts.lastviewip';
 		}
 
 		if ($user) {
 			$selectspec['columns'][]='^posts.userid';
 			$selectspec['columns'][]='^posts.cookieid';
-			$selectspec['columns']['createip']='INET_NTOA(^posts.createip)';
+			$selectspec['columns']['createip']='^posts.createip';
 			$selectspec['columns'][]='^userpoints.points';
 
 			if (!QA_FINAL_EXTERNAL_USERS) {
@@ -216,7 +216,7 @@
 		$selectspec['columns']['ouserid']=$poststable.($fromupdated ? '.lastuserid' : '.userid');
 		$selectspec['columns']['ocookieid']=$poststable.'.cookieid';
 		$selectspec['columns']['oname']=$poststable.'.name';
-		$selectspec['columns']['oip']='INET_NTOA('.$poststable.($fromupdated ? '.lastip' : '.createip').')';
+		$selectspec['columns']['oip']=$poststable.($fromupdated ? '.lastip' : '.createip');
 		$selectspec['columns']['otime']='UNIX_TIMESTAMP('.$poststable.($fromupdated ? '.updated' : '.created').')';
 		$selectspec['columns']['oflagcount']=$poststable.'.flagcount';
 
@@ -323,11 +323,11 @@
 
 		$selectspec['source'].=" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=INET_ATON($) AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ".$sortsql." LIMIT #,#) y ON ^posts.postid=y.postid";
 
 		if (isset($createip))
-			$selectspec['arguments'][]=$createip;
+			$selectspec['arguments'][]=@inet_pton($createip);
 
 		array_push($selectspec['arguments'], $type, $start, $count);
 
@@ -406,12 +406,12 @@
 			" LEFT JOIN ^userpoints AS auserpoints ON aposts.userid=auserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=INET_ATON($) AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON aposts.postid=y.postid".
 			($specialtype ? '' : " WHERE ^posts.type='Q'");
 
 		if (isset($createip))
-			$selectspec['arguments'][]=$createip;
+			$selectspec['arguments'][]=@inet_pton($createip);
 
 		array_push($selectspec['arguments'], $type, $start, $count);
 
@@ -449,12 +449,12 @@
 			" LEFT JOIN ^userpoints AS cuserpoints ON cposts.userid=cuserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($createip) ? "createip=INET_ATON($) AND " : "").
+			(isset($createip) ? "createip=$ AND " : "").
 			"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON cposts.postid=y.postid".
 			($specialtype ? '' : " WHERE ^posts.type='Q' AND ((parentposts.type='Q') OR (parentposts.type='A'))");
 
 		if (isset($createip))
-			$selectspec['arguments'][]=$createip;
+			$selectspec['arguments'][]=@inet_pton($createip);
 
 		array_push($selectspec['arguments'], $type, $start, $count);
 
@@ -487,13 +487,13 @@
 			" LEFT JOIN ^userpoints AS edituserpoints ON editposts.lastuserid=edituserpoints.userid".
 			" JOIN (SELECT postid FROM ^posts WHERE ".
 			qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']).
-			(isset($lastip) ? "lastip=INET_ATON($) AND " : "").
+			(isset($lastip) ? "lastip=$ AND " : "").
 			($onlyvisible ? "type IN ('Q', 'A', 'C')" : "1").
 			" ORDER BY ^posts.updated DESC LIMIT #,#) y ON editposts.postid=y.postid".
 			($onlyvisible ? " WHERE parentposts.type IN ('Q', 'A', 'C') AND ^posts.type IN ('Q', 'A', 'C')" : "");
 
 		if (isset($lastip))
-			$selectspec['arguments'][]=$lastip;
+			$selectspec['arguments'][]=@inet_pton($lastip);
 
 		array_push($selectspec['arguments'], $start, $count);
 
@@ -1199,7 +1199,7 @@
 			'columns' => array(
 				'^users.userid', 'passsalt', 'passcheck' => 'HEX(passcheck)', 'passhash', 'email', 'level', 'emailcode', 'handle',
 				'created' => 'UNIX_TIMESTAMP(created)', 'sessioncode', 'sessionsource', 'flags', 'loggedin' => 'UNIX_TIMESTAMP(loggedin)',
-				'loginip' => 'INET_NTOA(loginip)', 'written' => 'UNIX_TIMESTAMP(written)', 'writeip' => 'INET_NTOA(writeip)',
+				'loginip', 'written' => 'UNIX_TIMESTAMP(written)', 'writeip',
 				'avatarblobid' => 'BINARY avatarblobid', // cast to BINARY due to MySQL bug which renders it signed in a union
 				'avatarwidth', 'avatarheight', 'points', 'wallposts',
 			),
@@ -1678,8 +1678,8 @@
 	{
 		return array(
 			'columns' => array('action', 'period', 'count'),
-			'source' => '^iplimits WHERE ip=COALESCE(INET_ATON($), 0)',
-			'arguments' => array($ip),
+			'source' => '^iplimits WHERE ip=$',
+			'arguments' => array(@inet_pton($ip)),
 			'arraykey' => 'action',
 		);
 	}
@@ -1711,4 +1711,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/db/users.php

@@ -44,19 +44,21 @@
 	{
 		require_once QA_INCLUDE_DIR.'util/string.php';
 
+		$ipbin = @inet_pton($ip);
+
 		if (QA_PASSWORD_HASH) {
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passhash, level, handle, loggedin, loginip) '.
-				'VALUES (NOW(), COALESCE(INET_ATON($), 0), $, $, #, $, NOW(), COALESCE(INET_ATON($), 0))',
-				$ip, $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, $ip
+				'VALUES (NOW(), $, $, $, #, $, NOW(), $)',
+				$ipbin, $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, $ipbin
 			);
 		} else {
 			$salt = isset($password) ? qa_random_alphanum(16) : null;
 
 			qa_db_query_sub(
 				'INSERT INTO ^users (created, createip, email, passsalt, passcheck, level, handle, loggedin, loginip) '.
-				'VALUES (NOW(), COALESCE(INET_ATON($), 0), $, $, UNHEX($), #, $, NOW(), COALESCE(INET_ATON($), 0))',
-				$ip, $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, $ip
+				'VALUES (NOW(), $, $, $, UNHEX($), #, $, NOW(), $)',
+				$ipbin, $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, $ipbin
 			);
 		}
 
@@ -236,8 +238,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^users SET loggedin=NOW(), loginip=COALESCE(INET_ATON($), 0) WHERE userid=$',
-			$ip, $userid
+			'UPDATE ^users SET loggedin=NOW(), loginip=$ WHERE userid=$',
+			@inet_pton($ip), $userid
 		);
 	}
 
@@ -248,8 +250,8 @@
 */
 	{
 		qa_db_query_sub(
-			'UPDATE ^users SET written=NOW(), writeip=COALESCE(INET_ATON($), 0) WHERE userid=$',
-			$ip, $userid
+			'UPDATE ^users SET written=NOW(), writeip=$ WHERE userid=$',
+			@inet_pton($ip), $userid
 		);
 	}
 

qa-include/pages/admin/admin-approve.php

@@ -86,7 +86,7 @@
 			$message['content']=qa_lang_html('users/registered_label').' '.
 				strtr(qa_lang_html('users/x_ago_from_y'), array(
 					'^1' => qa_time_to_string(qa_opt('db_time')-$user['created']),
-					'^2' => qa_ip_anchor_html($user['createip']),
+					'^2' => qa_ip_anchor_html(@inet_ntop($user['createip'])),
 				)).'<br/>';
 
 			$htmlemail=qa_html($user['email']);

qa-include/pages/ip.php

@@ -30,7 +30,7 @@
 
 
 	$ip=qa_request_part(1); // picked up from qa-page.php
-	if (long2ip(ip2long($ip))!==$ip)
+	if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4|FILTER_FLAG_IPV6) === false)
 		return include QA_INCLUDE_DIR.'qa-page-not-found.php';
 
 

qa-include/pages/question.php

@@ -430,8 +430,8 @@
 		(!qa_is_http_post()) &&
 		qa_is_human_probably() &&
 		( (!$question['views']) || ( // if it has more than zero views
-			( ($question['lastviewip']!=qa_remote_ip_address()) || (!isset($question['lastviewip'])) ) && // then it must be different IP from last view
-			( ($question['createip']!=qa_remote_ip_address()) || (!isset($question['createip'])) ) && // and different IP from the creator
+			( (@inet_ntop($question['lastviewip'])!=qa_remote_ip_address()) || (!isset($question['lastviewip'])) ) && // then it must be different IP from last view
+			( (@inet_ntop($question['createip'])!=qa_remote_ip_address()) || (!isset($question['createip'])) ) && // and different IP from the creator
 			( ($question['userid']!=$userid) || (!isset($question['userid'])) ) && // and different user from the creator
 			( ($question['cookieid']!=$cookieid) || (!isset($question['cookieid'])) ) // and different cookieid from the creator
 		) )
@@ -444,4 +444,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/pages/user-profile.php

@@ -583,7 +583,7 @@
 				'value' =>
 					strtr(qa_lang_html('users/x_ago_from_y'), array(
 						'^1' => qa_time_to_string(qa_opt('db_time')-$useraccount['loggedin']),
-						'^2' => qa_ip_anchor_html($useraccount['loginip']),
+						'^2' => qa_ip_anchor_html(@inet_ntop($useraccount['loginip'])),
 					)),
 				'note' => $userediting ? null : qa_lang_html('users/only_shown_moderators'),
 				'id' => 'lastlogin',
@@ -596,7 +596,7 @@
 					'value' =>
 						strtr(qa_lang_html('users/x_ago_from_y'), array(
 							'^1' => qa_time_to_string(qa_opt('db_time')-$useraccount['written']),
-							'^2' => qa_ip_anchor_html($useraccount['writeip']),
+							'^2' => qa_ip_anchor_html(@inet_ntop($useraccount['writeip'])),
 						)),
 					'note' => $userediting ? null : qa_lang_html('users/only_shown_moderators'),
 					'id' => 'lastwrite',
@@ -979,4 +979,4 @@
 
 /*
 	Omit PHP closing tag to help avoid accidental output
-*/
\ No newline at end of file
+*/

qa-include/qa-base.php

@@ -202,6 +202,48 @@
 		if (QA_PASSWORD_HASH) {
 			require_once QA_INCLUDE_DIR.'vendor/password_compat.php';
 		}
+
+		// http://stackoverflow.com/a/18277167
+		function ipv6_numeric($ip) {
+			$binNum = '';
+			foreach (unpack('C*', @inet_pton($ip)) as $byte) {
+				$binNum .= str_pad(decbin($byte), 8, "0", STR_PAD_LEFT);
+			}
+			return base_convert(ltrim($binNum, '0'), 2, 10);
+		}
+
+		// http://stackoverflow.com/a/12095836/753676
+		function ipv6_expand($ip){
+			$ipv6_wildcard = false;
+			$wildcards = '';
+			$wildcards_matched=array();
+			if(strpos($ip, "*")!==false){
+				$ipv6_wildcard = true;
+			}
+			if($ipv6_wildcard){
+				$wildcards = explode(":", $ip);
+				foreach($wildcards as $index => $value){
+					if($value == "*"){
+						$wildcards_matched[]=$index;
+						$wildcards[$index]="0";
+					}
+				}
+				$ip=implode($wildcards,":");
+			}
+
+			$hex = unpack("H*hex", @inet_pton($ip));
+			$ip = substr(preg_replace("/([A-f0-9]{4})/", "$1:", $hex['hex']), 0, -1);
+
+			if($ipv6_wildcard){
+				$wildcards = explode(":", $ip);
+				foreach($wildcards_matched as $index => $value){
+					$wildcards[$value]="*";
+				}
+				$ip=implode($wildcards,":");
+			}
+
+			return $ip;
+		}
 	}
 
 

qa-plugin/event-logger/qa-event-logger.php

@@ -33,7 +33,7 @@ class qa_event_logger
 
 				return 'CREATE TABLE ^eventlog ('.
 					'datetime DATETIME NOT NULL,'.
-					'ipaddress VARCHAR (15) CHARACTER SET ascii,'.
+					'ipaddress VARCHAR (45),'.
 					'userid '.qa_get_mysql_user_column_type().','.
 					'handle VARCHAR('.QA_DB_MAX_HANDLE_LENGTH.'),'.
 					'cookieid BIGINT UNSIGNED,'.