Hello i am trying to do this thing but it just dose not want to work



<?php

Class test
{
function call_function($value)
{
$value = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$value = mysql_fetch_array($value);
return $value;
}
function call_function2($value)
{
$value = mysql_query("SELECT * FROM profile WHERE `username` = '$_SESSION[username]'");
$value = mysql_fetch_array($value);
return $value;
}
}

$script = new test();

echo("$script->call_function(username)");

?>
But it dose not show the user name ??? when i echo $script->call_function(username)

<?php

class test
{
function call_function()
{
$value = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$value = mysql_fetch_array($value);
return $value;
}
function call_function2($value)
{
$value = mysql_query("SELECT * FROM profile WHERE `username` = '$_SESSION[username]'");
$value = mysql_fetch_array($value);
return $value;
}
}

$script = new test;

$var = $script->call_function();
echo $var;

?>

how would that work if your not telling the call_function if to show the username or what ever out of the database.

because if $_SESSION[username] is set, you don't need to define it in the function, its in the session.

yes but if you look its only SELECT * FROM ...

how will it know to show the username from the table or the userlevel or what ever i want to it show?

Change 'return $value;' to 'return $value["username"];' or something then.

Okay i am trying this anther way

but i keep getting this error
Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';'

and this is the code


$user = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$user = mysql_fetch_array($user);
Class abc
{
var $u;
$this->u = $user[username];
}
$script = new abc;

<?php

$query = "SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` =

'$_SESSION[password]'";

$user = mysql_query( $query );

$fetch = mysql_fetch_array( $user );

class abc
{

var $u;

}

$script = new abc;
$script->u = $user[username];

?>


You really need to sort out the way you code, it's horrible.

Its worse then mine... plus, why are you storing a password, in a session.. is it plaintext or encoded? Very bad security risk.

As long as its hashed its not a security risk. The only way you can access a session is via PHP or the server and if one of them is compromised then I think you have more to worry about than a hashed password stored in a session.


Its worse then mine... plus, why are you storing a password, in a session.. is it plaintext or encoded? Very bad security risk.

True, but I was reading on sitepoint that using more then just an identifying variable (such as a username or userid) would be a potential security risk that you should just use that one variable to pull the information out and check it.

Actually doing that is more of a security risk. What if a hacker found a way to change that variable? He could theoretically could login as anyone he wanted. I would prefer to let the hacker have my hashed password as, assuming you are using salts, its useless in its current form and nearly impossible to crack.


True, but I was reading on sitepoint that using more then just an identifying variable (such as a username or userid) would be a potential security risk that you should just use that one variable to pull the information out and check it.

MD5 is quite easy to crack, i dont know about salts.

You cannot crack MD5..

You cannot crack MD5..

My cousin tried it. O.o
As Caleb said you can't.

You can use rainbow tables, but other then that you need a big list of encoded MD5's.

Example:


Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592

You type in the 'cracker': 5d41402abc4b2a76b9719d911017c592

It searches through the database and finds:

Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592

It displays the Normal Text

Just like Hitman's big rainbow table he uses ;p