src/hg/lib/botDelay.c 4cffc3eb6f43e109452b5b52d1f760cf1ea6a981

4cffc3eb6f43e109452b5b52d1f760cf1ea6a981
jcasper
  Sun Jun 7 21:47:37 2026 -0700
Adjusting sessionDb and userDb IDs to be 64-bit in the code, since the database
is now ready for it and we're crossing the threshold.  refs #33554

diff --git src/hg/lib/botDelay.c src/hg/lib/botDelay.c
index e1200591629..3999733ddee 100644
--- src/hg/lib/botDelay.c
+++ src/hg/lib/botDelay.c
@@ -115,85 +115,85 @@
 return user;
 }
 
 boolean isValidHguid(char *cookieUserId)
 /* Check if a particular hguid is valid, i.e. well-formatted, has matching id and secure string,
  * and isn't corrupted. */
 {
 if (isEmpty(cookieUserId))
     return FALSE;
 boolean isValid = FALSE;
 struct sqlConnection *conn = hConnectCentralNoCache();
 char query[2048];
 if (cartDbHasSessionKey(conn, userDbTable()))
     {
     char *sessionKey = NULL;
-    unsigned id = cartDbParseId(cookieUserId, &sessionKey);
+    unsigned long id = cartDbParseId(cookieUserId, &sessionKey);
     if (sessionKey == NULL)
         {
         sqlDisconnect(&conn);
         return FALSE;
         }
-    sqlSafef(query, sizeof(query), "select id from %s where id = %u and sessionKey = '%s'",
+    sqlSafef(query, sizeof(query), "select id from %s where id = %lu and sessionKey = '%s'",
             userDbTable(), id, sessionKey);
     }
 else
     {
-    sqlSafef(query, sizeof(query), "select id from %s where id = %u", userDbTable(), sqlUnsigned(cookieUserId));
+    sqlSafef(query, sizeof(query), "select id from %s where id = %lu", userDbTable(), sqlUnsignedLong(cookieUserId));
     }
 if (sqlExists(conn, query))
     isValid = TRUE;
 sqlDisconnect(&conn);
 return isValid;
 }
 
 static void recordHguidIpAndMaybeForceCaptcha()
 /* When hguidIpTracking is enabled in hg.conf, upsert this request's
  * (hguid, REMOTE_ADDR) into the hgcentral tracking table.  If a single
  * hguid has been seen from more than hguidIpTracking.maxIps distinct IPs
  * within the last hguidIpTracking.windowSeconds, set the "captcha" CGI
  * var so forceUserIdOrCaptcha() in cart.c forces the user through the
  * Cloudflare captcha (the bypass at cart.c:1618 honors this override). */
 {
 if (!cfgOptionBooleanDefault("hguidIpTracking.enabled", FALSE))
     return;
 
 char *cookieUserId = getCookieUser();
 char *clientIp = getenv("REMOTE_ADDR");
 if (isEmpty(cookieUserId) || isEmpty(clientIp))
     return;
 
 if (!isValidHguid(cookieUserId))
     return;
 
-unsigned int userIdNum = cartDbParseId(cookieUserId, NULL);
+unsigned long userIdNum = cartDbParseId(cookieUserId, NULL);
 
 int maxIps = atoi(cfgOptionDefault("hguidIpTracking.maxIps", "10"));
 int windowSeconds = atoi(cfgOptionDefault("hguidIpTracking.windowSeconds", "600"));
 char *table = cfgOptionDefault("hguidIpTracking.table", "hguidIpAccess");
 
 struct sqlConnection *conn = hConnectCentralNoCache();
 char query[512];
 
 sqlSafef(query, sizeof(query),
-    "INSERT INTO %s (userId, ip, lastSeen) VALUES (%u, '%s', NOW()) "
+    "INSERT INTO %s (userId, ip, lastSeen) VALUES (%lu, '%s', NOW()) "
     "ON DUPLICATE KEY UPDATE lastSeen=NOW()",
     table, userIdNum, clientIp);
 sqlUpdate(conn, query);
 
 sqlSafef(query, sizeof(query),
-    "SELECT COUNT(DISTINCT ip) FROM %s WHERE userId=%u "
+    "SELECT COUNT(DISTINCT ip) FROM %s WHERE userId=%lu "
     "AND lastSeen > NOW() - INTERVAL %d SECOND",
     table, userIdNum, windowSeconds);
 int distinctIps = sqlQuickNum(conn, query);
 
 sqlDisconnect(&conn);
 
 if (distinctIps > maxIps)
     {
     cgiVarSet("captcha", "1");
     }
 }
 
 boolean isValidHgsidForEarlyBotCheck(char *raw_hgsid)
 /* We want to use the hgsid from the CGI parameters, but sometimes requests come in with bogus strings that
  * need to be ignored.  We don't want to run this against the database just yet, but we can at least check