Method name must be a string fatal error class - php

How can I fix this code? When I run check.php I get this error:
Erorr : Fatal error: Method name must be a string in C:\AppServ\www\Weboo\cms\check.php on line 46
<?php
ob_start();
session_start();
class mysql {
private $localhost = "localhost";
private $db_user = "root";
private $db_pass = "root";
private $db_name ="webocms";
function __construct(){
mysql_connect($this-> localhost,$this->db_user,$this->db_pass);
mysql_select_db($this->db_name);
}
}
function sql(){
$username = $_POST ['username'];
$password = $_POST['password'];
$sql = "SELECT * from users WHERE username='$username'
AND password='$password'";
$query = mysql_query($sql);
$num = mysql_num_rows($query);
if ($num > 1){
$_SESSION['username'] = "username";
$_SESSION['password'] = "password";
header("Location: admin/admin.php");
}else {
echo "<h2><b> No Users </h2></b>";
}
}
$use=new mysql;
$use->$sql();
ob_end_flush();
?>

As Mark said in the comments, I think it should be more like this:
<?php
ob_start();
session_start();
class mysql {
private $localhost = "localhost";
private $db_user = "root";
private $db_pass = "root";
private $db_name ="webocms";
function __construct(){
mysql_connect($this-> localhost,$this->db_user,$this->db_pass);
mysql_select_db($this->db_name);
}
function sql(){
$username = $_POST ['username'];
$password = $_POST['password'];
$sql = "SELECT * from users WHERE username='$username'
AND password='$password'";
$query = mysql_query($sql);
$num = mysql_num_rows($query);
if ($num > 1){
$_SESSION['username'] = "username";
$_SESSION['password'] = "password";
header("Location: admin/admin.php");
} else {
echo "<h2><b> No Users </h2></b>";
}
}
}
$use=new mysql;
$use->sql();
ob_end_flush();
?>
Notice, the sql() function is now inside your class and the 2nd to last line is $use->sql() not $use->$sql().

I think you've made a mistake with the closing brace of your mysql class. sql() is a function and not a method of the mysql class. You're also using a variable which in my opinion appears unintentional.
Instead it should be $use->sql(); but again that won't work until you put sql() inside the class.

Related

Why does my script not return a record from mySQL?

I am building a login portal with mySQL and PHP
I have this file (dbc.php):
<?php
class db_connect {
protected $DB_SERVER = "localhost";
protected $DB_USERNAME = "root";
protected $DB_PASSWORD = "";
protected $DB_DATABASE = "mydb";
public function connect() {
$conn = new mysqli($this->DB_SERVER, $this->DB_USERNAME, $this->DB_PASSWORD, $this->DB_DATABASE);
if(mysqli_connect_errno()) {
die("Connection failed: ". mysqli_connect_errno());
}
return $conn;
}
}
?>
Then my actual PHP script (login.php) takes a POST from the login page:
<?php
//include database connection
include("dbc.php");
session_start();
//put post values into variables
$username = $_POST['username'];
$password = $_POST['password'];
//create db connector object
$db = new db_connect();
$conn = $db->connect();
//select correct db
mysqli_select_db($conn,”mydb”);
$username = mysqli_real_escape_string($conn,$username);
$query = "SELECT password FROM mydb.users WHERE username = '$username'";
$result = mysqli_query($conn,$query);
if(mysqli_num_rows($result) == 0)
{
header('Location: sorry.html');
}
$pwhash = $result;
if (password_verify($password, $pwhash)) {
header('Location: welcome.php');
} else {
header('Location: sorry.html');
}
?>
This never returns a value which is odd.
Any help appreciated!
$result holds a MySQLi response resource, not a string or array.
You need to change this line:
$pwhash = $result;
To this:
$pwhash = mysqli_fetch_assoc($result)['password'];

Conditional failing with two functions returning true

So i have 2 functions that checks a users privilegues, and checks if the user can view the page. But it will not work as intended, and i cant figure out why. It's probably really basic, but i dont see it.
Here in use:
if(!isAdmin() || !userCanAddCourses()) {
echo 'You dont have permissions to view this page';
die;
return false;
}
Here is the functions:
function userCanAddCourses(){
$ugarr = getUserGroup($_SESSION['userid']);
$dbtype = "mysql";
$dbhost = DB_HOST;
$dbname = DB_NAME;
$dbuser = DB_USER;
$dbpass = DB_PASS;
$var = explode(',', $ugarr);
foreach ($var as $ug){
$doclibperm ='0';
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$sql = "SELECT * from roles where id=:ug";
$stm = $conn->prepare($sql);
$stm->execute(array(':ug' => $ug));
$users = $stm->fetchAll();
foreach ($users as $row) {
$addcourses = $row['addcourse'];
if($addcourses=='1'){
return true;
}
}
}
}
function isAdmin() {
$userid = $_SESSION['userid'];
$dbtype = "mysql";
$dbhost = DB_HOST;
$dbname = DB_NAME;
$dbuser = DB_USER;
$dbpass = DB_PASS;
$network = getCurrentNetwork();
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$sql = "SELECT * from users where network=:network and id=:userid";
$stm = $conn->prepare($sql);
$stm->execute(array(':network' => $network, ':userid'=>$userid));
$users = $stm->fetchAll();
foreach ($users as $row) {
$moderator = $row['role'];
}
if($moderator >= '4'){
return true;
}
}
In the scenario above, the user is an admin, but the userCanAadCourses function will not return true.
Ive tried removing die and return false, and then it will show the page along with the "You dont have permission" echo.
Its like it runs the conditional twice instead of doing the two arguments as one conditional..
Code below will work, but i think my first approach should work.
if(userCanAddCourses()){
$perm = 1;
}
if(isAdmin()){
$perm = 1;
}
if($perm != '1') {
echo 'You dont have permissions to view this page';
die;
return false;
}

Trying to display from mySQL using a class in php

I'm beginning php/MySql and have been asked to use a class to access my database. I can get the display to work when I have all my code in one file but when I try to call the class from another file, I get nothing.
This is the one that works:
<?php
$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'testdb';
$myNewConnection = mysqli_connect($host,$username,$password,$dbname);
$query = "SELECT user_name FROM users" or die ("Error..." . mysqli_error($myNewConnection));
// execute the query
$result = $myNewConnection->query($query);
// display output
while($row = mysqli_fetch_array($result)) {
echo $row["user_name"] . "<br>";
}
?>
This is my code to call the class:
<?php
include("users.php");
$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'testdb';
//initiate the class
$myDB = new MyDB('localhost', 'root', '', 'testdb');
//$myDB = new MyDB($host,$username,$password,$dbname);
?>
This is my class:
<?php
class MyDB {
public $query;
public $myConnection;
public function _construct($host,$username,$password,$dbname){
// establish the connection
$this->myConnection = mysqli_connect($host,$username,$password,$dbname);
}
public function list_users() {
// create query to list all users
$this->query = "SELECT user_name FROM users" or die ("Error..." . mysqli_error($this->$myNewConnection));
// execute the query
$result = $this->$myConnection->query($this->$query);
// display output
while($row = mysqli_fetch_array($result)) {
echo $row["user_name"] . "<br>";
}
}
}
?>
Any help appreciated
Change this line as below (remove the dollar sign from query and myConnection):
$result = $this->myConnection->query($this->query);
Plus you might need to call your list_users function using the code below (right after instantiating your class! Pass your defined variables to constructor instead of their actual values):
$myDB = new MyDB($host,$username,$password,$dbname);
$myDB->list_users();
Also constructors are written with two underscores like this:
public function __construct
function __construct with two "_". Delete all "$" after "->":
<?php
class MyDB {
public $query;
public $myConnection;
public function __construct($host,$username,$password,$dbname){
$this->myConnection = mysqli_connect($host,$username,$password,$dbname);
}
public function list_users() {
$this->query = "SELECT user_name FROM users";
if($result = $this->myConnection->query($this->query)) {
while($row = mysqli_fetch_array($result)) {
echo $row["user_name"] . "<br>";
}
}
}
}
And you have to run list_users():
<?php
include("users.php");
$host = 'localhost';
$username = 'root';
$password = '';
$dbname = 'testdb';
$myDB = new MyDB($host, $username, $password, $dbname);
$myDB->list_users();
?>

Unidentified variable after being declared

I'm getting this error
Fatal error: Non-static method Connect::connect() cannot be called statically in D:\xampp\htdocs\Panel\core\init.php on line 63
Here is my code
<?php
class Connect{
public $db_host = "localhost";
public $db_user = "root";
public $db_pass = "";
public $db_name = "panel";
public function connect(){
if(mysql_connect($db_host, $db_user, $db_pass)){
if(mysql_select_db($db_name)){
return true;
}else{
die(mysql_error());
}
}else{
die(mysql_error());
}
return false;
}
}
?>
How do I make the function static?
I tried adding 'static' to the function scope, but I got another error
Thanks :)
You have to pass the variables to function as parameter
function connect($db_host, $db_user, $db_pass,$db_name)
And call this function as
connect($db_host, $db_user, $db_pass,$db_name);
Edit
By seeing your pastebin, you are calling class variables, you have to use $this->variale_name to access them.
<?php
class Connect{
public $db_host = "localhost";
public $db_user = "root";
public $db_pass = "";
public $db_name = "panel";
public function connect(){
if(mysql_connect($this->db_host, $this->db_user, $this->db_pass)){
if(mysql_select_db($this->db_name)){
return true;
}else{
die(mysql_error());
}
}else{
die(mysql_error());
}
return false;
}
}
?>
PDO
<?php
class Connect{
private $db_host = "localhost";
private $db_user = "root";
private $db_pass = "";
private $db_name = "panel";
private $dbh = false;
public function connect(){
if ($this->dbh === false)
$this->dbh = new PDO('mysql:host='.$this->db_host.';dbname='.$this->db_name, $this->db_user, $this->db_pass);
return $this->dbh;
}
}
?>
You have to declare the variables inside the function like this
<?php
function connect(){
$db_host = "localhost";
$db_user = "root";
$db_pass = "";
$db_name = "panel";
if(mysql_connect($db_host, $db_user, $db_pass)){
if(mysql_select_db($db_name)){
}else{
die(mysql_error());
}
}else{
die(mysql_error());
}
}
?>
Or you can pass the parameters in the function like this
$db_host = "localhost";
$db_user = "root";
$db_pass = "";
$db_name = "panel";
connect($db_host,$db_user, $db_pass, $db_name);
function connect($db_host,$db_user, $db_pass, $db_name){
if(mysql_connect($db_host, $db_user, $db_pass)){
if(mysql_select_db($db_name)){
}else{
die(mysql_error());
}
}else{
die(mysql_error());
}
}
?>
$db_host = "localhost";
$db_user = "root";
$db_pass = "";
$db_name = "panel";
These variables are global and can't be accessible in function connect. If you have to use these global variables then use keyword global . Then these vars will be available within the function.
function connect(){
global $db_host, $db_user, $db_pass, $db_name ;
if(mysql_connect($db_host, $db_user, $db_pass)){
if(mysql_select_db($db_name)){
}else{
die(mysql_error());
}
}else{
die(mysql_error());
}
}

Basic PHP-script doesn't work

I'm new to PHP and SQL but I'm trying to create a simple PHP-script that allows a user to login to a website. It doesn't work for some reason and I can't see why. Every time I try to login with the correct username & password, I get the error "Wrong Username or Password". The database-name and table-name are correct.
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect("$db_host", "$db_user", "$db_pass") or die("Unable to connect to MySQL.");
mysql_select_db($db_name)or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = ("SELECT * FROM $tbl_name WHERE username='$user' and password='$pass'");
$result= mysql_query($sql);
$count 0= mysql_num_rows($result);
if($count==1){
// Register $user, $pass send the user to "score.php"
session_register("user");
session_register("pass");
header("location:score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if(!session_is_registered(user)){
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
I hope someone can find my mistake, thanks!
FYI session_register and session_is_registered are deprecated and will be removed from PHP. Also try to change your code to use mysqli or PDO. Plenty of articles explain how to do it. Finally, make sure you escape input from the user ($_POST array) because you never know what the user will send and you don't want to be prone to SQL injections. You really do not want to store passwords in clear text, so using SHA1 or MD5 is best.
Having written the above, your code becomes (you can use the $_SESSION global array directly):
connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect to MySQL.");
mysql_select_db($db_name) or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = "SELECT * FROM $tbl_name "
. "WHERE username = '$user' "
. "AND password = sha1('$pass')";
$result = mysql_query($sql);
// There was an extra 0 here before the equals
$count = mysql_num_rows($result);
if ($count==1)
{
// Register $user, $pass send the user to "score.php"
$_SESSION['user'] = $user;
// You really don't need to store the password unless you use
// it somewhere else
$_SESSION['pass'] = $pass;
header("location: ./score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php:
<?php
session_start();
if (!isset($_SESSION['user']))
{
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
A couple of things
Change this line to the one with error checking i have put below it
$result= mysql_query($sql);
$result= mysql_query($sql) or die(mysql_error());
chances are there is an sql error and you are not picking it up, so the result will always have 0 rows
Also not sure if this line is a typo or not, there shouldn't be a 0 in there
$count 0= mysql_num_rows($result);

Categories