5615ffccc75fa3e3a6b1477b696c1488a407b865
angie
  Thu May 12 13:22:56 2016 -0700
Check idx vs database -- temporary stopgap.

diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c
index 0f163b9..1281dbf 100644
--- src/hg/lib/wikiLink.c
+++ src/hg/lib/wikiLink.c
@@ -59,30 +59,42 @@
 {
 return cfgOption(CFG_WIKI_LOGGED_IN_COOKIE);
 }
 
 char *wikiLinkUserName()
 /* Return the user name specified in cookies from the browser, or NULL if 
  * the user doesn't appear to be logged in. */
 {
 if (wikiLinkEnabled())
     {
     char *wikiUserName = findCookieData(wikiLinkUserNameCookie());
     char *wikiLoggedIn = findCookieData(wikiLinkLoggedInCookie());
 
     if (isNotEmpty(wikiLoggedIn) && isNotEmpty(wikiUserName))
 	{
+        if (loginSystemEnabled())
+            {
+            struct sqlConnection *conn = hConnectCentral();
+            char query[512];
+            sqlSafef(query, sizeof(query), "select idx from gbMembers where userName='%s'",
+                     wikiUserName);
+            char buf[512];
+            char *userId = sqlQuickQuery(conn, query, buf, sizeof(buf));
+            hDisconnectCentral(&conn);
+            if (!sameString(userId, wikiLoggedIn))
+                return NULL;
+            }
 	return cloneString(wikiUserName);
 	}
     }
 else
     errAbort("wikiLinkUserName called when wiki is not enabled (specified "
         "in hg.conf).");
 return NULL;
 }
 
 static char *encodedHgSessionReturnUrl(char *hgsid)
 /* Return a CGI-encoded hgSession URL with hgsid.  Free when done. */
 {
 char retBuf[1024];
 char *cgiDir = cgiScriptDirUrl();
 safef(retBuf, sizeof(retBuf), "http%s://%s%shgSession?hgsid=%s",
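Review bot: In the block added to wikiLinkUserName, `userId` goes straight into `sameString` with no NULL check. sqlQuickQuery presumably returns NULL when no gbMembers row matches the cookie's user name, and if sameString is a plain strcmp wrapper, a cookie naming an unknown user would crash the CGI instead of being treated as logged out. The guard should read `if (userId == NULL || !sameString(userId, wikiLoggedIn)) return NULL;`. Separately, the value compared is the row's `idx`, which is likely a small sequential integer, so the check ties the two cookies together but does not by itself authenticate the session; a comment such as `/* Stopgap: idx is guessable; replace with a server-issued random session token. */` would record that limit. The function's header comment should also say that the logged-in cookie is now checked against the central database when the login system is enabled.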