e5c786377cee95f737ff9d4bbada817e14f94aa4 angie Mon Dec 12 09:25:06 2016 -0800 Better cookies and validation for hgLogin: instead of sending gbMembers.idx as the login cookie and then never checking the value of the incoming cookie, use a salted hash. The salt is a secret text value specified by login.cookieSalt in hg.conf.private. For remote login, both hosts' hg.conf.private files must specify the same login.cookieSalt. In order to avoid logging out all users, for now the correct value of gbMembers.idx is accepted in place of the salted hash for local logins. For remote logins without login.cookieSalt, there is still no way to check the incoming cookie. For local logins without login.cookieSalt, the correct gbMembers.idx is accepted. refs #17327
diff --git src/hg/inc/autoUpgrade.h src/hg/inc/autoUpgrade.h
index 303b0cb..efd2447 100644
--- src/hg/inc/autoUpgrade.h
+++ src/hg/inc/autoUpgrade.h
@@ -1,19 +1,21 @@
/* autoUpgrade.c -- if possible, add a new column to an existing table. If it fails, * try again every few minutes in case permissions are granted. */ /* Copyright (C) 2016 The Regents of the University of California * See README in this or parent directory for licensing information. */ #ifndef AUTOUPGRADE_H #define AUTOUPGRADE_H +#include "jksql.h" + void autoUpgradeTableAddColumn(struct sqlConnection *conn, char *tableName, char *columnName, char *type, boolean notNull, char *defaultVal); /* Try to upgrade the table by adding column in a safe way handling success, failures * and retries with multiple CGIs running. * type must be a valid SQL type string like "varchar(255)", "longblob", "tinyint" etc. * If notNull is TRUE then 'NOT NULL' will be added to the column definition. * defaultVal must be a valid SQL expression (quoted if necessary) for type, for example * "''" for a string type, "0.0" for float, or "NULL" if notNull is FALSE. */ #endif /* AUTOUPGRADE_H */
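Review bot: The new `#include "jksql.h"` after the include guard is heavier than the header's only declaration needs: `autoUpgradeTableAddColumn` takes `struct sqlConnection` purely by pointer, so the forward declaration `struct sqlConnection;` would make autoUpgrade.h self-contained without pulling jksql.h (and whatever it includes) into every translation unit that includes this header. The prototype also uses `boolean`, which presumably comes from a common header rather than from jksql.h; if jksql.h is what happens to bring it in, the include is the simpler fix, but then a short comment such as `#include "jksql.h"  /* struct sqlConnection, boolean */` would record why a header for a SQL-connection type is needed by an upgrade helper. This hunk is also the only change in the commit that touches autoUpgrade.h while the description is entirely about hgLogin cookies, so its relation to that work is not evident from the history.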