ecd6e5bc9b85bcbafb08da0c1dae876b284ba69c angie Fri May 20 16:17:00 2016 -0700 New random-token method for login (HT Max & Galt): instead of requiring a new table gbMemberToken, use autoUpgrade to add a new column (keyList) to gbMembers that contains a list of long random keys, analogous to userDb and sessionDb's sessionKey (see cartDb.c). The token cookie now includes both gbMembers.idx (for fast lookup) and the long random key, similar to the hguid cookie and hgsid CGI param. keyList is a list in order to support user login on multiple web clients. refs #17327 #17336 note-11
diff --git src/hg/hgLogin/hgLogin.c src/hg/hgLogin/hgLogin.c
index 2c59e55..4f8a592 100644
--- src/hg/hgLogin/hgLogin.c
+++ src/hg/hgLogin/hgLogin.c
@@ -1153,43 +1153,43 @@ boolean usingNewPassword(struct sqlConnection *conn, char *userName, char *password) /* The user is using requested new password */ { char query[256]; sqlSafef(query,sizeof(query), "SELECT passwordChangeRequired FROM gbMembers WHERE userName='%s'", userName); char *change = sqlQuickString(conn, query); sqlSafef(query,sizeof(query), "SELECT newPassword FROM gbMembers WHERE userName='%s'", userName); char *newPassword = sqlQuickString(conn, query); if (change && sameString(change, "Y") && checkPwd(password, newPassword)) return TRUE; else return FALSE; }
-void displayLoginSuccess(char *userName)
+void displayLoginSuccess(char *userName, uint idx)
 /* display login success msg, and set cookie */ { hPrintf("

%s

", brwName); hPrintf( "

" "

" "" "\n"); /* Set cookies */ hPrintf("\n"); cartRemove(cart,"hgLogin_userName"); returnToURL(150); } void displayLogin(struct sqlConnection *conn) /* display and process login info */ { struct sqlResult *sr; char **row; char query[256]; char *userName = cartUsualString(cart, "hgLogin_userName", ""); if (sameString(userName,""))
@@ -1221,31 +1221,31 @@ struct gbMembers *m = gbMembersLoad(row); sqlFreeResult(&sr); /* Check user name exist and account activated */ if (!sameString(m->accountActivated,"Y")) { freez(&errMsg); errMsg = cloneString("Account is not activated."); displayLoginPage(conn); return; } if (checkPwd(password,m->password)) { hPrintf("
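Review bot: The login token appears to be set from page content: the `/* Set cookies */` step in displayLoginSuccess is an `hPrintf` into the response body, though the string it prints is not legible on this page. A cookie written by page script cannot be marked HttpOnly, so any script running in that page could read the idx-plus-random-key token. If that is how it is set, consider emitting it as a `Set-Cookie` response header with `HttpOnly` (and `Secure` where the site is served over HTTPS). Separately, the function comment does not describe the new parameter; something like `/* Display login success msg and set the login cookies; idx is the user's gbMembers.idx, stored in the token cookie with the random key. */` would document it.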

Login successful for user %s.\n

\n", userName); clearNewPasswordFields(conn, userName);
- displayLoginSuccess(userName);
+ displayLoginSuccess(userName, m->idx);
 return; } else if (usingNewPassword(conn, userName, password)) { cartSetString(cart, "hgLogin_changeRequired", "YES"); changePasswordPage(conn); } else { errMsg = cloneString(incorrectUsernameOrPassword); displayLoginPage(conn); return; } gbMembersFree(&m); }
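Review bot: The success branch of displayLogin reads `m->idx` and then returns without reaching `gbMembersFree(&m)` at the end of the function, so the loaded gbMembers row, which includes the stored password field, is never freed on that path. The not-activated and wrong-password branches return early in the same way. In a short-lived CGI this is minor, but copying the index first and freeing before the call keeps the record's lifetime explicit: `uint idx = m->idx; gbMembersFree(&m); displayLoginSuccess(userName, idx);`. displayLogin starts outside this hunk, so any earlier cleanup is not visible here.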