Use hex values for IPs in SQL queries

Solves issues with binary when displaying queries, such as in debug mode.

Use hex values for IPs in SQL queries
Solves issues with binary when displaying queries, such as in debug mode.
e871abe5 · Scott · f91a1bda · e871abe5 · e871abe5 · e871abe5
Commit e871abe5 authored Jul 27, 2017 by Scott
10 changed files
--- a/qa-include/db/admin.php
+++ b/qa-include/db/admin.php
@@ -170,8 +170,8 @@ function qa_db_get_user_visible_postids($userid)
 function qa_db_get_ip_visible_postids($ip)
 {
 	return qa_db_read_all_values(qa_db_query_sub(
-		"SELECT postid FROM ^posts WHERE createip=$ AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')",
+		"SELECT postid FROM ^posts WHERE createip=UNHEX($) AND type IN ('Q', 'A', 'C', 'Q_QUEUED', 'A_QUEUED', 'C_QUEUED')",
-		@inet_pton($ip)
+		bin2hex(@inet_pton($ip))
 	));
 }

--- a/qa-include/db/blobs.php
+++ b/qa-include/db/blobs.php
@@ -47,8 +47,8 @@ function qa_db_blob_create($content, $format, $sourcefilename = null, $userid = 
 			continue;
 		qa_db_query_sub(
-			'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, $, NOW())',
+			'INSERT INTO ^blobs (blobid, format, content, filename, userid, cookieid, createip, created) VALUES (#, $, $, $, $, #, UNHEX($), NOW())',
-			$blobid, $format, $content, $sourcefilename, $userid, $cookieid, @inet_pton($ip)
+			$blobid, $format, $content, $sourcefilename, $userid, $cookieid, bin2hex(@inet_pton($ip))
 		);
 		return $blobid;

--- a/qa-include/db/cookies.php
+++ b/qa-include/db/cookies.php
@@ -41,8 +41,8 @@ function qa_db_cookie_create($ipaddress)
 		qa_db_query_sub(
 			'INSERT INTO ^cookies (cookieid, created, createip) ' .
-			'VALUES (#, NOW(), $)',
+			'VALUES (#, NOW(), UNHEX($))',
-			$cookieid, @inet_pton($ipaddress)
+			$cookieid, bin2hex(@inet_pton($ipaddress))
 		);
 		return $cookieid;
@@ -60,8 +60,8 @@ function qa_db_cookie_create($ipaddress)
 function qa_db_cookie_written($cookieid, $ipaddress)
 {
 	qa_db_query_sub(
-		'UPDATE ^cookies SET written=NOW(), writeip=$ WHERE cookieid=#',
+		'UPDATE ^cookies SET written=NOW(), writeip=UNHEX($) WHERE cookieid=#',
-		@inet_pton($ipaddress), $cookieid
+		bin2hex(@inet_pton($ipaddress)), $cookieid
 	);
 }

--- a/qa-include/db/hotness.php
+++ b/qa-include/db/hotness.php
@@ -49,8 +49,8 @@ function qa_db_hotness_update($firstpostid, $lastpostid = null, $viewincrement =
 			'(a.acount+0.0)*# + ' .
 			'(a.netvotes+0.0)*# + ' .
 			'(a.views+0.0+#)*#' .
-			')' . ($viewincrement ? ', x.views=x.views+1, x.lastviewip=$' : '') .
+			')' . ($viewincrement ? ', x.views=x.views+1, x.lastviewip=UNHEX($)' : '') .
-			' WHERE x.postid=a.postid' . ($viewincrement ? ' AND (x.lastviewip IS NULL OR x.lastviewip!=$)' : '');
+			' WHERE x.postid=a.postid' . ($viewincrement ? ' AND (x.lastviewip IS NULL OR x.lastviewip!=UNHEX($))' : '');
 		// Additional multiples based on empirical analysis of activity on Q2A meta site to give approx equal influence for all factors
@@ -66,8 +66,8 @@ function qa_db_hotness_update($firstpostid, $lastpostid = null, $viewincrement =
 		);
 		if ($viewincrement) {
-			$ipbin = @inet_pton(qa_remote_ip_address());
+			$ipHex = bin2hex(@inet_pton(qa_remote_ip_address()));
-			array_push($arguments, $ipbin, $ipbin);
+			array_push($arguments, $ipHex, $ipHex);
 		}
 		qa_db_query_raw(qa_db_apply_sub($query, $arguments));

--- a/qa-include/db/install.php
+++ b/qa-include/db/install.php
@@ -100,7 +100,7 @@ function qa_db_table_definitions()
 		'users' => array(
 			'userid' => $useridcoltype . ' NOT NULL AUTO_INCREMENT',
 			'created' => 'DATETIME NOT NULL',
-			'createip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address when created
+			'createip' => 'VARBINARY(16) NOT NULL', // INET6_ATON of IP address when created
 			'email' => 'VARCHAR(' . QA_DB_MAX_EMAIL_LENGTH . ') NOT NULL',
 			'handle' => 'VARCHAR(' . QA_DB_MAX_HANDLE_LENGTH . ') NOT NULL', // username
 			'avatarblobid' => 'BIGINT UNSIGNED', // blobid of stored avatar
@@ -111,9 +111,9 @@ function qa_db_table_definitions()
 			'passhash' => 'VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_bin DEFAULT NULL', // password_hash
 			'level' => 'TINYINT UNSIGNED NOT NULL', // basic, editor, admin, etc...
 			'loggedin' => 'DATETIME NOT NULL', // time of last login
-			'loginip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address of last login
+			'loginip' => 'VARBINARY(16) NOT NULL', // INET6_ATON of IP address of last login
 			'written' => 'DATETIME', // time of last write action done by user
-			'writeip' => 'VARBINARY(16)', // INET_ATON of IP address of last write action done by user
+			'writeip' => 'VARBINARY(16)', // INET6_ATON of IP address of last write action done by user
 			'emailcode' => 'CHAR(8) CHARACTER SET ascii NOT NULL DEFAULT \'\'', // for email confirmation or password reset
 			'sessioncode' => 'CHAR(8) CHARACTER SET ascii NOT NULL DEFAULT \'\'', // for comparing against session cookie in browser
 			'sessionsource' => 'VARCHAR (16) CHARACTER SET ascii DEFAULT \'\'', // e.g. facebook, openid, etc...
@@ -227,9 +227,9 @@ function qa_db_table_definitions()
 		'cookies' => array(
 			'cookieid' => 'BIGINT UNSIGNED NOT NULL',
 			'created' => 'DATETIME NOT NULL',
-			'createip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address when cookie created
+			'createip' => 'VARBINARY(16) NOT NULL', // INET6_ATON of IP address when cookie created
 			'written' => 'DATETIME', // time of last write action done by anon user with cookie
-			'writeip' => 'VARBINARY(16)', // INET_ATON of IP address of last write action done by anon user with cookie
+			'writeip' => 'VARBINARY(16)', // INET6_ATON of IP address of last write action done by anon user with cookie
 			'PRIMARY KEY (cookieid)',
 		),
@@ -293,13 +293,13 @@ function qa_db_table_definitions()
 			'closedbyid' => 'INT UNSIGNED', // not null means question is closed
 			'userid' => $useridcoltype, // which user wrote it
 			'cookieid' => 'BIGINT UNSIGNED', // which cookie wrote it, if an anonymous post
-			'createip' => 'VARBINARY(16)', // INET_ATON of IP address used to create the post
+			'createip' => 'VARBINARY(16)', // INET6_ATON of IP address used to create the post
 			'lastuserid' => $useridcoltype, // which user last modified it
-			'lastip' => 'VARBINARY(16)', // INET_ATON of IP address which last modified the post
+			'lastip' => 'VARBINARY(16)', // INET6_ATON of IP address which last modified the post
 			'upvotes' => 'SMALLINT UNSIGNED NOT NULL DEFAULT 0',
 			'downvotes' => 'SMALLINT UNSIGNED NOT NULL DEFAULT 0',
 			'netvotes' => 'SMALLINT NOT NULL DEFAULT 0',
-			'lastviewip' => 'VARBINARY(16)', // INET_ATON of IP address which last viewed the post
+			'lastviewip' => 'VARBINARY(16)', // INET6_ATON of IP address which last viewed the post
 			'views' => 'INT UNSIGNED NOT NULL DEFAULT 0',
 			'hotness' => 'FLOAT',
 			'flagcount' => 'TINYINT UNSIGNED NOT NULL DEFAULT 0',
@@ -348,7 +348,7 @@ function qa_db_table_definitions()
 			'filename' => 'VARCHAR(' . QA_DB_MAX_BLOB_FILE_NAME_LENGTH . ')', // name of source file (if appropriate)
 			'userid' => $useridcoltype, // which user created it
 			'cookieid' => 'BIGINT UNSIGNED', // which cookie created it
-			'createip' => 'VARBINARY(16)', // INET_ATON of IP address that created it
+			'createip' => 'VARBINARY(16)', // INET6_ATON of IP address that created it
 			'created' => 'DATETIME', // when it was created
 			'PRIMARY KEY (blobid)',
 		),
@@ -455,7 +455,7 @@ function qa_db_table_definitions()
 		// most columns in iplimits have the same meaning as those in userlimits
 		'iplimits' => array(
-			'ip' => 'VARBINARY(16) NOT NULL', // INET_ATON of IP address
+			'ip' => 'VARBINARY(16) NOT NULL', // INET6_ATON of IP address
 			'action' => 'CHAR(1) CHARACTER SET ascii NOT NULL',
 			'period' => 'INT UNSIGNED NOT NULL',
 			'count' => 'SMALLINT UNSIGNED NOT NULL',

--- a/qa-include/db/limits.php
+++ b/qa-include/db/limits.php
@@ -46,8 +46,8 @@ function qa_db_limits_get($userid, $ip, $action)
 	}
 	if (isset($ip)) {
-		$selects[] = "(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=$ AND action=$)";
+		$selects[] = "(SELECT 'ip' AS limitkey, period, count FROM ^iplimits WHERE ip=UNHEX($) AND action=$)";
-		$arguments[] = @inet_pton($ip);
+		$arguments[] = bin2hex(@inet_pton($ip));
 		$arguments[] = $action;
 	}
@@ -87,8 +87,8 @@ function qa_db_limits_user_add($userid, $action, $period, $count)
 function qa_db_limits_ip_add($ip, $action, $period, $count)
 {
 	qa_db_query_sub(
-		'INSERT INTO ^iplimits (ip, action, period, count) VALUES ($, $, #, #) ' .
+		'INSERT INTO ^iplimits (ip, action, period, count) VALUES (UNHEX($), $, #, #) ' .
 		'ON DUPLICATE KEY UPDATE count=IF(period=#, count+#, #), period=#',
-		@inet_pton($ip), $action, $period, $count, $period, $count, $count, $period
+		bin2hex(@inet_pton($ip)), $action, $period, $count, $period, $count, $count, $period
 	);
 }
--- a/qa-include/db/post-create.php
+++ b/qa-include/db/post-create.php
@@ -46,8 +46,8 @@ function qa_db_post_create($type, $parentid, $userid, $cookieid, $ip, $title, $c
 {
 	qa_db_query_sub(
 		'INSERT INTO ^posts (categoryid, type, parentid, userid, cookieid, createip, title, content, format, tags, notify, name, created) ' .
-		'VALUES (#, $, #, $, #, $, $, $, $, $, $, $, NOW())',
+		'VALUES (#, $, #, $, #, UNHEX($), $, $, $, $, $, $, NOW())',
-		$categoryid, $type, $parentid, $userid, $cookieid, @inet_pton($ip), $title, $content, $format, $tagstring, $notify, $name
+		$categoryid, $type, $parentid, $userid, $cookieid, bin2hex(@inet_pton($ip)), $title, $content, $format, $tagstring, $notify, $name
 	);
 	return qa_db_last_insert_id();

--- a/qa-include/db/post-update.php
+++ b/qa-include/db/post-update.php
@@ -52,8 +52,8 @@ function qa_db_post_set_selchildid($questionid, $selchildid, $lastuserid = null,
 	if (isset($selchildid) && isset($lastuserid) && isset($lastip)) {
 		qa_db_query_sub(
-			"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+			"UPDATE ^posts SET updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#",
-			QA_UPDATE_SELECTED, $lastuserid, @inet_pton($lastip), $selchildid
+			QA_UPDATE_SELECTED, $lastuserid, bin2hex(@inet_pton($lastip)), $selchildid
 		);
 	}
 }
@@ -71,8 +71,8 @@ function qa_db_post_set_closed($questionid, $closedbyid, $lastuserid = null, $la
 {
 	if (isset($lastuserid) || isset($lastip)) {
 		qa_db_query_sub(
-			"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+			"UPDATE ^posts SET closedbyid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#",
-			$closedbyid, QA_UPDATE_CLOSED, $lastuserid, @inet_pton($lastip), $questionid
+			$closedbyid, QA_UPDATE_CLOSED, $lastuserid, bin2hex(@inet_pton($lastip)), $questionid
 		);
 	} else {
 		qa_db_query_sub(
@@ -95,8 +95,8 @@ function qa_db_post_set_type($postid, $type, $lastuserid = null, $lastip = null,
 {
 	if (isset($lastuserid) || isset($lastip)) {
 		qa_db_query_sub(
-			'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
+			'UPDATE ^posts SET type=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#',
-			$type, $updatetype, $lastuserid, @inet_pton($lastip), $postid
+			$type, $updatetype, $lastuserid, bin2hex(@inet_pton($lastip)), $postid
 		);
 	} else {
 		qa_db_query_sub(
@@ -119,8 +119,8 @@ function qa_db_post_set_parent($postid, $parentid, $lastuserid = null, $lastip =
 {
 	if (isset($lastuserid) || isset($lastip)) {
 		qa_db_query_sub(
-			"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+			"UPDATE ^posts SET parentid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#",
-			$parentid, QA_UPDATE_PARENT, $lastuserid, @inet_pton($lastip), $postid
+			$parentid, QA_UPDATE_PARENT, $lastuserid, bin2hex(@inet_pton($lastip)), $postid
 		);
 	} else {
 		qa_db_query_sub(
@@ -151,8 +151,8 @@ function qa_db_post_set_content($postid, $title, $content, $format, $tagstring, 
 	if (isset($lastuserid) || isset($lastip)) {
 		// use COALESCE() for name since $name=null means it should not be modified (for backwards compatibility)
 		qa_db_query_sub(
-			'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#',
+			'UPDATE ^posts SET title=$, content=$, format=$, tags=$, name=COALESCE($, name), notify=$, updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#',
-			$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, @inet_pton($lastip), $postid
+			$title, $content, $format, $tagstring, $name, $notify, $updatetype, $lastuserid, bin2hex(@inet_pton($lastip)), $postid
 		);
 	} else {
 		qa_db_query_sub(
@@ -189,8 +189,8 @@ function qa_db_post_set_category($postid, $categoryid, $lastuserid = null, $last
 {
 	if (isset($lastuserid) || isset($lastip)) {
 		qa_db_query_sub(
-			"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=$ WHERE postid=#",
+			"UPDATE ^posts SET categoryid=#, updated=NOW(), updatetype=$, lastuserid=$, lastip=UNHEX($) WHERE postid=#",
-			$categoryid, QA_UPDATE_CATEGORY, $lastuserid, @inet_pton($lastip), $postid
+			$categoryid, QA_UPDATE_CATEGORY, $lastuserid, bin2hex(@inet_pton($lastip)), $postid
 		);
 	} else {
 		qa_db_query_sub(

--- a/qa-include/db/selects.php
+++ b/qa-include/db/selects.php
@@ -372,11 +372,11 @@ function qa_db_qs_selectspec($voteuserid, $sort, $start, $categoryslugs = null, 
 	$selectspec['source'] .=
 		" JOIN (SELECT postid FROM ^posts WHERE " .
 		qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']) .
-		(isset($createip) ? "createip=$ AND " : "") .
+		(isset($createip) ? "createip=UNHEX($) AND " : "") .
 		"type=$ " . $sortsql . " LIMIT #,#) y ON ^posts.postid=y.postid";
 	if (isset($createip)) {
-		$selectspec['arguments'][] = @inet_pton($createip);
+		$selectspec['arguments'][] = bin2hex(@inet_pton($createip));
 	}
 	array_push($selectspec['arguments'], $type, $start, $count);
@@ -474,12 +474,12 @@ function qa_db_recent_a_qs_selectspec($voteuserid, $start, $categoryslugs = null
 		" LEFT JOIN ^userpoints AS auserpoints ON aposts.userid=auserpoints.userid" .
 		" JOIN (SELECT postid FROM ^posts WHERE " .
 		qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']) .
-		(isset($createip) ? "createip=$ AND " : "") .
+		(isset($createip) ? "createip=UNHEX($) AND " : "") .
 		"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON aposts.postid=y.postid" .
 		($specialtype ? '' : " WHERE ^posts.type='Q'");
 	if (isset($createip)) {
-		$selectspec['arguments'][] = @inet_pton($createip);
+		$selectspec['arguments'][] = bin2hex(@inet_pton($createip));
 	}
 	array_push($selectspec['arguments'], $type, $start, $count);
@@ -528,12 +528,12 @@ function qa_db_recent_c_qs_selectspec($voteuserid, $start, $categoryslugs = null
 		" LEFT JOIN ^userpoints AS cuserpoints ON cposts.userid=cuserpoints.userid" .
 		" JOIN (SELECT postid FROM ^posts WHERE " .
 		qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']) .
-		(isset($createip) ? "createip=$ AND " : "") .
+		(isset($createip) ? "createip=UNHEX($) AND " : "") .
 		"type=$ ORDER BY ^posts.created DESC LIMIT #,#) y ON cposts.postid=y.postid" .
 		($specialtype ? '' : " WHERE ^posts.type='Q' AND ((parentposts.type='Q') OR (parentposts.type='A'))");
 	if (isset($createip)) {
-		$selectspec['arguments'][] = @inet_pton($createip);
+		$selectspec['arguments'][] = bin2hex(@inet_pton($createip));
 	}
 	array_push($selectspec['arguments'], $type, $start, $count);
@@ -576,13 +576,13 @@ function qa_db_recent_edit_qs_selectspec($voteuserid, $start, $categoryslugs = n
 		" LEFT JOIN ^userpoints AS edituserpoints ON editposts.lastuserid=edituserpoints.userid" .
 		" JOIN (SELECT postid FROM ^posts WHERE " .
 		qa_db_categoryslugs_sql_args($categoryslugs, $selectspec['arguments']) .
-		(isset($lastip) ? "lastip=$ AND " : "") .
+		(isset($lastip) ? "lastip=UNHEX($) AND " : "") .
 		($onlyvisible ? "type IN ('Q', 'A', 'C')" : "1") .
 		" ORDER BY ^posts.updated DESC LIMIT #,#) y ON editposts.postid=y.postid" .
 		($onlyvisible ? " WHERE parentposts.type IN ('Q', 'A', 'C') AND ^posts.type IN ('Q', 'A', 'C')" : "");
 	if (isset($lastip)) {
-		$selectspec['arguments'][] = @inet_pton($lastip);
+		$selectspec['arguments'][] = bin2hex(@inet_pton($lastip));
 	}
 	array_push($selectspec['arguments'], $start, $count);
@@ -1970,8 +1970,8 @@ function qa_db_ip_limits_selectspec($ip)
 {
 	return array(
 		'columns' => array('action', 'period', 'count'),
-		'source' => '^iplimits WHERE ip=$',
+		'source' => '^iplimits WHERE ip=UNHEX($)',
-		'arguments' => array(@inet_pton($ip)),
+		'arguments' => array(bin2hex(@inet_pton($ip))),
 		'arraykey' => 'action',
 	);
 }

--- a/qa-include/db/users.php
+++ b/qa-include/db/users.php
@@ -53,21 +53,21 @@ function qa_db_user_create($email, $password, $handle, $level, $ip)
 {
 	require_once QA_INCLUDE_DIR . 'util/string.php';
-	$ipbin = @inet_pton($ip);
+	$ipHex = bin2hex(@inet_pton($ip));
 	if (QA_PASSWORD_HASH) {
 		qa_db_query_sub(
 			'INSERT INTO ^users (created, createip, email, passhash, level, handle, loggedin, loginip) ' .
-			'VALUES (NOW(), $, $, $, #, $, NOW(), $)',
+			'VALUES (NOW(), UNHEX($), $, $, #, $, NOW(), UNHEX($))',
-			$ipbin, $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, $ipbin
+			$ipHex, $email, isset($password) ? password_hash($password, PASSWORD_BCRYPT) : null, (int)$level, $handle, $ipHex
 		);
 	} else {
 		$salt = isset($password) ? qa_random_alphanum(16) : null;
 		qa_db_query_sub(
 			'INSERT INTO ^users (created, createip, email, passsalt, passcheck, level, handle, loggedin, loginip) ' .
-			'VALUES (NOW(), $, $, $, UNHEX($), #, $, NOW(), $)',
+			'VALUES (NOW(), UNHEX($), $, $, UNHEX($), #, $, NOW(), UNHEX($))',
-			$ipbin, $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, $ipbin
+			$ipHex, $email, $salt, isset($password) ? qa_db_calc_passcheck($password, $salt) : null, (int)$level, $handle, $ipHex
 		);
 	}
@@ -272,8 +272,8 @@ function qa_db_user_profile_set($userid, $field, $value)
 function qa_db_user_logged_in($userid, $ip)
 {
 	qa_db_query_sub(
-		'UPDATE ^users SET loggedin=NOW(), loginip=$ WHERE userid=$',
+		'UPDATE ^users SET loggedin=NOW(), loginip=UNHEX($) WHERE userid=$',
-		@inet_pton($ip), $userid
+		bin2hex(@inet_pton($ip)), $userid
 	);
 }
@@ -286,8 +286,8 @@ function qa_db_user_logged_in($userid, $ip)
 function qa_db_user_written($userid, $ip)
 {
 	qa_db_query_sub(
-		'UPDATE ^users SET written=NOW(), writeip=$ WHERE userid=$',
+		'UPDATE ^users SET written=NOW(), writeip=UNHEX($) WHERE userid=$',
-		@inet_pton($ip), $userid
+		bin2hex(@inet_pton($ip)), $userid
 	);
 }