Page 1 of 1

Member Object Problem

Posted: Sun Jun 19, 2005 12:21 pm
by Ruski
Well in my script i got a class that has functions in it which im able to call. Im using the punbb methods of doing it.
First of all I make connect.php which declares a connection method:

Code: Select all

<?php 
include 'mysql.php'; 
$db = new DBLayer('localhost', 'user', 'pass', 'db', '', false);
?>
then iv got a methods.php which uses that connection method to run queries, such as the example below:

Code: Select all

<?php
require 'connect.php';

function check_cookie()
{
		$c = $db->query('SELECT * FROM users');
		$f = $db->fetch_assoc($c);
	if(isset($_COOKIE["rscheetah_cookie_temp"]))
	{
		list($cookie['username'], $cookie['password']) = unserialize(stripslashes($_COOKIE["rscheetah_cookie_temp"]));
		$username = strtolower($cookie['username']); 
		$password = strtolower($cookie['password']);		
		if(strtolower($f['username']) == $username && strtolower($f['password']) == $password)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	elseif(isset($_COOKIE["rscheetah_cookie_perm"]))
	{
		list($cookie['username'], $cookie['password']) = unserialize(stripslashes($_COOKIE["rscheetah_cookie_perm"]));
		$user = strtolower($cookie['username']); 
		$pass = strtolower($cookie['password']);	
		if(strtolower($f['username']) == $user && strtolower($f['password']) == $pass)
		{
			return true;
		}
		else
		{
			return false;
		}
	}
	else
		return false;
}
?>
This is the code that uses the query:

Code: Select all

$c = $db->query('SELECT * FROM users');
		$f = $db->fetch_assoc($c);
but when i run the script it shows an error of the member object called for a non object:

Code: Select all

Fatal error: Call to a member function on a non-object in /home/rsneebn/public_html/methods.php on line 7
Thanks in advance if anyone could help

Posted: Sun Jun 19, 2005 12:29 pm
by Ruski
never mind, i solved it by making $db global.

Posted: Sun Jun 19, 2005 2:03 pm
by timvw
Or call the constructor in the function......

Why do you select _all_ username/password combinations from the table? You only need the one where the username and password equals the data in the cookie.

Btw, you shouldn't store username/passwords in a cookie... Not even if they are serialized...

For example, store a sha1 of (username + password) in the cookie... This way malicious users can never restore username and/or password...

And then select from users where sha1(concat(username, password)) = '$sha1value'