Member Object Problem

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
Ruski
Forum Commoner
Posts: 28
Joined: Thu May 26, 2005 3:45 am

Member Object Problem

Post by Ruski »

Well in my script i got a class that has functions in it which im able to call. Im using the punbb methods of doing it.
First of all I make connect.php which declares a connection method:

Code: Select all

<?php 
include 'mysql.php'; 
$db = new DBLayer('localhost', 'user', 'pass', 'db', '', false);
?>
then iv got a methods.php which uses that connection method to run queries, such as the example below:

Code: Select all

<?php
require 'connect.php';

function check_cookie()
{
		$c = $db->query('SELECT * FROM users');
		$f = $db->fetch_assoc($c);
	if(isset($_COOKIE["rscheetah_cookie_temp"]))
	{
		list($cookie['username'], $cookie['password']) = unserialize(stripslashes($_COOKIE["rscheetah_cookie_temp"]));
		$username = strtolower($cookie['username']); 
		$password = strtolower($cookie['password']);		
		if(strtolower($f['username']) == $username && strtolower($f['password']) == $password)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	elseif(isset($_COOKIE["rscheetah_cookie_perm"]))
	{
		list($cookie['username'], $cookie['password']) = unserialize(stripslashes($_COOKIE["rscheetah_cookie_perm"]));
		$user = strtolower($cookie['username']); 
		$pass = strtolower($cookie['password']);	
		if(strtolower($f['username']) == $user && strtolower($f['password']) == $pass)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	else
		return false;
}
?>
This is the code that uses the query:

Code: Select all

$c = $db->query('SELECT * FROM users');
		$f = $db->fetch_assoc($c);
but when i run the script it shows an error of the member object called for a non object:

Code: Select all

Fatal error: Call to a member function on a non-object in /home/rsneebn/public_html/methods.php on line 7
Thanks in advance if anyone could help
Ruski
Forum Commoner
Posts: 28
Joined: Thu May 26, 2005 3:45 am

Post by Ruski »

never mind, i solved it by making $db global.
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

Or call the constructor in the function......

Why do you select _all_ username/password combinations from the table? You only need the one where the username and password equals the data in the cookie.

Btw, you shouldn't store username/passwords in a cookie... Not even if they are serialized...

For example, store a sha1 of (username + password) in the cookie... This way malicious users can never restore username and/or password...

And then select from users where sha1(concat(username, password)) = '$sha1value'
Post Reply