5faaad7e4a0cde71c69f9c73db7fe94cf5db8bdc
angie
  Thu Jun 9 11:42:40 2016 -0700
Revert "Added checking of wiki.loggedInCookie (numeric user ID) using random numbers as suggested by Max"

This reverts commit a240964d6dfdd6f8661487b64538d33518d88501.

Conflicts:
src/hg/hgSession/hgSession.c
-- doSessionDetail was moved up by Jonathan's changes, so it needed to be changed to get userName the old way.

diff --git src/hg/hgSession/hgSession.c src/hg/hgSession/hgSession.c
index 63998ff..e31e3a4 100644
--- src/hg/hgSession/hgSession.c
+++ src/hg/hgSession/hgSession.c
@@ -118,30 +118,42 @@
 else
     {
     printf("Signing in enables you to save current settings into a "
         "named session, and then restore settings from the session later.\n"
         "If you wish, you can share named sessions with other users.\n");
     printf("<P>The sign-in page is handled by our "
         "<A HREF=\"http://%s/\" TARGET=_BLANK>wiki system</A>:\n", wikiHost);
     printf("<A HREF=\"%s\"><B>click here to sign in.</B></A>\n",
         wikiLinkUserLoginUrl(cartSessionId(cart)));
     printf("The wiki also serves as a forum for users "
         "to share knowledge and ideas.\n");
     }
 }
 
 
+char *getLinkUserName()
+/* Return the user name specified in cookies from the browser, or NULL
+ * if 
+ * the user doesn't appear to be logged in. */
+{
+if (wikiLinkEnabled())
+   {
+   return cloneString(wikiLinkUserName());
+   }
+return NULL;
+}
+
 void showCartLinks()
 /* Print out links to cartDump and cartReset. */
 {
 char *session = cartSidUrlString(cart);
 char returnAddress[512];
 
 safef(returnAddress, sizeof(returnAddress), "%s?%s", hgSessionName(), session);
 printf("<A HREF=\"../cgi-bin/cartReset?%s&destination=%s\">Click here to "
        "reset</A> the browser user interface settings to their defaults.\n",
        session, cgiEncodeFull(returnAddress));
 }
 
 
 char *destAppScriptName()
 /* Return the complete path (/cgi-bin/... on our systems) of the destination
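Review bot: The header comment on getLinkUserName() is split mid-sentence ("if" / "the user") and omits two things a caller needs to know. The function also returns NULL when wikiLinkEnabled() is false, and a non-NULL result is a cloneString() copy that the caller owns. Because the handlers in the later hunks use this name to select rows by userName, I would reword it to `/* Return a clone of the wiki user name taken from the browser's cookies, or NULL if wiki login is disabled or the user is not logged in. Caller must check for NULL and owns the string. */`. How wikiLinkUserName() validates the cookie is not visible in this diff, so the comment should not promise more than that.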
@@ -609,50 +621,51 @@
 dyStringPrintf(dyUrl, "?hgS_doLoadUrl=submit&hgS_loadUrlName=");
 printf("<LI>If a saved settings file is available from a web server, "
        "you can send email to others with a link such as "
        "%s<B>U</B> where <B>U</B> is the URL of your "
        "settings file, e.g. http://www.mysite.edu/~me/mySession.txt .  "
        "In this type of link, you can replace "
        "\"hgSession\" with \"hgTracks\" in order to proceed directly to "
        "the Genome Browser. For an example page using such links "
        "please see the <A HREF=\"../goldenPath/help/sessions.html\" "
        "TARGET=_BLANK>Session Gallery</A>.</LI>\n",
        dyUrl->string);
 printf("</UL>\n");
 dyStringFree(&dyUrl);
 }
 
-void doMainPage(char *userName, char *message)
+void doMainPage(char *message)
 /* Login status/links and session controls. */
 {
 puts("Content-Type:text/html\n");
 if (wikiLinkEnabled())
     {
-    if (userName)
-	welcomeUser(userName);
+    char *wikiUserName = wikiLinkUserName();
+    if (wikiUserName)
+	welcomeUser(wikiUserName);
     else
 	offerLogin();
     if (isNotEmpty(message))
 	{
 	if (cartVarExists(cart, hgsDoSessionDetail))
 	    webNewSection("Session Details");
 	else
 	    webNewSection("Updated Session");
 	puts(message);
 	}
-    showSessionControls(userName, TRUE, TRUE);
-    showLinkingTemplates(userName);
+    showSessionControls(wikiUserName, TRUE, TRUE);
+    showLinkingTemplates(wikiUserName);
     }
 else 
     {
     if (isNotEmpty(message))
 	{
 	if (cartVarExists(cart, hgsDoSessionDetail))
 	    webNewSection("Session Details");
 	else
 	    cartWebStart(cart, NULL, "Updated Session");
 	jsInit();
 	puts(message);
 	showSessionControls(NULL, FALSE, TRUE);
 	}
     else
 	showSessionControls(NULL, FALSE, FALSE);
@@ -715,40 +728,39 @@
             }
         }
     if (tdb->visibility != tvHide)
         outIfNotPresent(cart, dy, tdb->track, tdb->visibility);
     }
 
 // Put a variable in the cart that says we put the default 
 // visibilities in it.
 if (dy)
     dyStringPrintf(dy,"&%s=on", CART_HAS_DEFAULT_VISIBILITY);
 else
     printf("%s on", CART_HAS_DEFAULT_VISIBILITY);
 }
 
 #define INITIAL_USE_COUNT 0
-char *doNewSession(char *userName)
+char *doNewSession()
 /* Save current settings in a new named session.
  * Return a message confirming what we did. */
 {
-if (userName == NULL)
-    return "Unable to save session -- please log in and try again.";
 struct dyString *dyMessage = dyStringNew(2048);
 char *sessionName = trimSpaces(cartString(cart, hgsNewSessionName));
 char *encSessionName = cgiEncodeFull(sessionName);
 boolean shareSession = cartBoolean(cart, hgsNewSessionShare);
+char *userName = getLinkUserName();
 char *encUserName = cgiEncodeFull(userName);
 struct sqlConnection *conn = hConnectCentral();
 
 if (sqlTableExists(conn, namedSessionTable))
     {
     struct sqlResult *sr = NULL;
     struct dyString *dy = dyStringNew(16 * 1024);
     char **row;
     char *firstUse = "now()";
     int useCount = INITIAL_USE_COUNT;
     char firstUseBuf[32];
 
     /* If this session already existed, preserve its firstUse and useCount. */
     sqlDyStringPrintf(dy, "SELECT firstUse, useCount FROM %s "
 		       "WHERE userName = '%s' AND sessionName = '%s';",
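Review bot: doNewSession() now passes the result of getLinkUserName() straight to cgiEncodeFull() and on into the `WHERE userName = '%s'` query, with no check for NULL. getLinkUserName() returns NULL when wiki login is disabled, and per its comment when the user is not signed in; the revert removes the `if (userName == NULL)` early return that covered this. What cgiEncodeFull(NULL) does is not visible here, so the handler may either dereference NULL or carry on with a save that has no valid owner. I would make the lookup the first statement and keep the guard: `char *userName = getLinkUserName();` followed by `if (userName == NULL) return "Unable to save session -- please log in and try again.";`. The same applies to doSessionDetail(), doUpdateSessions() and doSessionChange() in the later hunks, each of which lost its own NULL check; all four bodies continue outside their hunks.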
@@ -865,37 +877,36 @@
     "select m.idx, n.firstUse from gbMembers m join namedSessionDb n on m.userName = n.userName "
     "where m.userName = \"%s\" and n.sessionName = \"%s\"",
     encUserName, encSessionName);
 sr = sqlGetResult(conn, query);
 row = sqlNextRow(sr);
 if (row == NULL)
     errAbort("cannot remove session from gallery; user %s, session %s",
         encUserName, encSessionName);
 
 char *filePath = sessionThumbnailFilePath(row[0], encSessionName, row[1]);
 if (filePath != NULL)
     unlink(filePath);
 sqlFreeResult(&sr);
 }
 
-char *doSessionDetail(char *userName, char *sessionName)
+char *doSessionDetail(char *sessionName)
 /* Show details about a particular session. */
 {
-if (userName == NULL)
-    return "Sorry, please log in again.";
 struct dyString *dyMessage = dyStringNew(4096);
 char *encSessionName = cgiEncodeFull(sessionName);
+char *userName = getLinkUserName();
 char *encUserName = cgiEncodeFull(userName);
 struct sqlConnection *conn = hConnectCentral();
 struct sqlResult *sr = NULL;
 char **row = NULL;
 char query[512];
 webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
 boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
 
 if (gotSettings)
     sqlSafef(query, sizeof(query), "SELECT shared, firstUse, settings from %s "
 	  "WHERE userName = '%s' AND sessionName = '%s'",
           namedSessionTable, encUserName, encSessionName);
 else
     sqlSafef(query, sizeof(query), "SELECT shared, firstUse from %s "
 	  "WHERE userName = '%s' AND sessionName = '%s'",
@@ -981,41 +992,40 @@
             "Description:<BR>\n"
             "<TEXTAREA NAME=\"%s\" ROWS=%d COLS=%d "
             "onChange=\"%s\" onKeypress=\"%s\">%s</TEXTAREA><BR>\n",
             hgsNewSessionDescription, 5, 80,
             highlightAccChanges, highlightAccChanges, description);
         }
     dyStringAppend(dyMessage, "</FORM>\n");
     sqlFreeResult(&sr);
     }
 else
     errAbort("doSessionDetail: got no results from query:<BR>\n%s\n", query);
 
 return dyStringCannibalize(&dyMessage);
 }
 
-char *doUpdateSessions(char *userName)
+char *doUpdateSessions()
 /* Look for cart variables matching prefixes for sharing/unsharing,
  * loading or deleting a previously saved session.
  * Return a message confirming what we did, or NULL if no such variables
  * were in the cart. */
 {
-if (userName == NULL)
-    return NULL;
 struct dyString *dyMessage = dyStringNew(1024);
 struct hashEl *cartHelList = NULL, *hel = NULL;
 struct sqlConnection *conn = hConnectCentral();
+char *userName = getLinkUserName();
 char *encUserName = cgiEncodeFull(userName);
 boolean didSomething = FALSE;
 char query[512];
 
 cartHelList = cartFindPrefix(cart, hgsGalleryPrefix);
 if (cartHelList != NULL)
     {
     struct hash *galleryHash = hashNew(0);
     char **row;
     struct sqlResult *sr;
     sqlSafef(query, sizeof(query),
 	  "select sessionName,shared from %s where userName = '%s'",
 	  namedSessionTable, encUserName);
     sr = sqlGetResult(conn, query);
     while ((row = sqlNextRow(sr)) != NULL)
@@ -1082,31 +1092,31 @@
 			   htmlEncode(sessionName),
 			   (newShared == TRUE ? "shared" : "unshared"));
         if (newShared == FALSE && inGallery == TRUE)
             thumbnailRemove(encUserName, encSessionName, conn);
 	    didSomething = TRUE;
 	    }
 	}
     hashFree(&sharedHash);
     }
 
 hel = cartFindPrefix(cart, hgsEditPrefix);
 if (hel != NULL)
     {
     char *encSessionName = hel->name + strlen(hgsEditPrefix);
     char *sessionName = cgiDecodeClone(encSessionName);
-    dyStringPrintf(dyMessage, "%s", doSessionDetail(userName, sessionName));
+    dyStringPrintf(dyMessage, "%s", doSessionDetail(sessionName));
     didSomething = TRUE;
     }
 
 hel = cartFindPrefix(cart, hgsLoadPrefix);
 if (hel != NULL)
     {
     char *encSessionName = hel->name + strlen(hgsLoadPrefix);
     char *sessionName = cgiDecodeClone(encSessionName);
     char wildStr[256];
     safef(wildStr, sizeof(wildStr), "%s*", hgsLoadPrefix);
     dyStringPrintf(dyMessage,
 		   "Loaded settings from session <B>%s</B>. %s %s<BR>\n",
 		   htmlEncode(sessionName),
 		   getSessionLink(encUserName, encSessionName),
 		   getSessionEmailLink(encUserName, encSessionName));
@@ -1279,40 +1289,39 @@
 }
 
 void renamePrefixedCartVar(char *prefix, char *oldName, char *newName)
 /* If cart has prefix+oldName, replace it with prefix+newName = submit. */
 {
 char varName[256];
 safef(varName, sizeof(varName), "%s%s", prefix, oldName);
 if (cartVarExists(cart, varName))
     {
     cartRemove(cart, varName);
     safef(varName, sizeof(varName), "%s%s", prefix, newName);
     cartSetString(cart, varName, "submit");
     }
 }
 
-char *doSessionChange(char *userName, char *oldSessionName)
+char *doSessionChange(char *oldSessionName)
 /* Process changes to session from session details page. */
 {
-if (userName == NULL)
-    return "Unable to make changes to session.  Please log in again.";
 struct dyString *dyMessage = dyStringNew(1024);
 webPushErrHandlersCartDb(cart, cartUsualString(cart, "db", NULL));
 char *sessionName = oldSessionName;
 char *encSessionName = cgiEncodeFull(sessionName);
 char *encOldSessionName = encSessionName;
+char *userName = getLinkUserName();
 char *encUserName = cgiEncodeFull(userName);
 struct sqlConnection *conn = hConnectCentral();
 struct sqlResult *sr = NULL;
 char **row = NULL;
 char query[512];
 int shared = 1;
 char *settings = NULL;
 boolean gotSettings = (sqlFieldIndex(conn, namedSessionTable, "settings") >= 0);
 
 if (gotSettings)
     sqlSafef(query, sizeof(query), "SELECT shared, settings from %s "
 	  "WHERE userName = '%s' AND sessionName = '%s'",
           namedSessionTable, encUserName, encSessionName);
 else
     sqlSafef(query, sizeof(query), "SELECT shared from %s "
@@ -1429,85 +1438,83 @@
 return dyStringCannibalize(&dyMessage);
 }
 
 
 void hgSession()
 /* hgSession - Interface with wiki login and do session saving/loading.
  * Here we set up cart and some global variables, dispatch the command,
  * and put away the cart when it is done. */
 {
 struct hash *oldVars = hashNew(10);
 
 /* Sometimes we output HTML and sometimes plain text; let each outputter
  * take care of headers instead of using a fixed cart*Shell(). */
 cart = cartAndCookieNoContent(hUserCookie(), excludeVars, oldVars);
 
-char *userName = wikiLinkEnabled() ? wikiLinkUserName() : NULL;
-
 if (cartVarExists(cart, hgsDoMainPage) || cartVarExists(cart, hgsCancel))
-    doMainPage(userName, NULL);
+    doMainPage(NULL);
 else if (cartVarExists(cart, hgsDoNewSession))
     {
-    char *message = doNewSession(userName);
-    doMainPage(userName, message);
+    char *message = doNewSession();
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsDoOtherUser))
     {
     char *message = doOtherUser(hgsDoOtherUser);
-    doMainPage(userName, message);
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsDoSaveLocal))
     {
     doSaveLocal();
     }
 else if (cartVarExists(cart, hgsDoLoadLocal))
     {
     char *message = doLoad(FALSE, hgsDoLoadLocal);
-    doMainPage(userName, message);
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsDoLoadUrl))
     {
     char *message = doLoad(TRUE, hgsDoLoadUrl);
-    doMainPage(userName, message);
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsDoSessionDetail))
     {
-    char *message = doSessionDetail(userName, cartString(cart, hgsDoSessionDetail));
-    doMainPage(userName, message);
+    char *message = doSessionDetail(cartString(cart, hgsDoSessionDetail));
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsDoSessionChange))
     {
-    char *message = doSessionChange(userName, cartString(cart, hgsOldSessionName));
-    doMainPage(userName, message);
+    char *message = doSessionChange(cartString(cart, hgsOldSessionName));
+    doMainPage(message);
     }
 else if (cartVarExists(cart, hgsOldSessionName))
     {
-    char *message1 = doSessionChange(userName, cartString(cart, hgsOldSessionName));
-    char *message2 = doUpdateSessions(userName);
+    char *message1 = doSessionChange(cartString(cart, hgsOldSessionName));
+    char *message2 = doUpdateSessions();
     char *message = message2;
     if (!startsWith("No changes to session", message1))
 	{
 	size_t len = (sizeof message1[0]) * (strlen(message1) + strlen(message2) + 1);
 	message = needMem(len);
 	safef(message, len, "%s%s", message1, message2);
 	}
-    doMainPage(userName, message);
+    doMainPage(message);
     }
 else
     {
-    char *message = doUpdateSessions(userName);
-    doMainPage(userName, message);
+    char *message = doUpdateSessions();
+    doMainPage(message);
     }
 
 cleanHgSessionFromCart(cart);
 /* Save the cart state: */
 cartCheckout(&cart);
 }
 
 int main(int argc, char *argv[])
 /* Process command line. */
 {
 long enteredMainTime = clock1000();
 htmlPushEarlyHandlers();
 cgiSpoof(&argc, argv);
 setUdcCacheDir();
 hgSession();
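Review bot: In the hgsOldSessionName branch, `strlen(message2)` is called on whatever doUpdateSessions() returned, and that function's header comment says it returns NULL when no matching cart variables are in the cart. If message1 does not start with "No changes to session", that NULL reaches strlen() and then the safef() "%s" argument. A one-line guard after the call, `if (message2 == NULL) message2 = "";`, avoids this and leaves doMainPage()'s isNotEmpty(message) test behaving the same. The body of doUpdateSessions() is outside this diff, so confirm that it can actually return NULL on this path.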