View Full Version : classes help
VistaBoy
14-10-2007, 03:21 AM
Hello i am trying to do this thing but it just dose not want to work
<?php
Class test
{
function call_function($value)
{
$value = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$value = mysql_fetch_array($value);
return $value;
}
function call_function2($value)
{
$value = mysql_query("SELECT * FROM profile WHERE `username` = '$_SESSION[username]'");
$value = mysql_fetch_array($value);
return $value;
}
}
$script = new test();
echo("$script->call_function(username)");
?>
But it dose not show the user name ??? when i echo $script->call_function(username)
Invent
14-10-2007, 03:25 AM
<?php
class test
{
function call_function()
{
$value = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$value = mysql_fetch_array($value);
return $value;
}
function call_function2($value)
{
$value = mysql_query("SELECT * FROM profile WHERE `username` = '$_SESSION[username]'");
$value = mysql_fetch_array($value);
return $value;
}
}
$script = new test;
$var = $script->call_function();
echo $var;
?>
VistaBoy
14-10-2007, 03:40 AM
how would that work if your not telling the call_function if to show the username or what ever out of the database.
Dentafrice,
14-10-2007, 03:57 AM
because if $_SESSION[username] is set, you don't need to define it in the function, its in the session.
VistaBoy
14-10-2007, 04:06 AM
yes but if you look its only SELECT * FROM ...
how will it know to show the username from the table or the userlevel or what ever i want to it show?
Invent
14-10-2007, 04:29 AM
Change 'return $value;' to 'return $value["username"];' or something then.
VistaBoy
14-10-2007, 05:22 AM
Okay i am trying this anther way
but i keep getting this error
Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';'
and this is the code
$user = mysql_query("SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'");
$user = mysql_fetch_array($user);
Class abc
{
var $u;
$this->u = $user[username];
}
$script = new abc;
Invent
14-10-2007, 11:46 AM
<?php
$query = "SELECT * FROM users WHERE `username` = '$_SESSION[username]' AND `id` = '$_SESSION[id]' AND `password` =
'$_SESSION[password]'";
$user = mysql_query( $query );
$fetch = mysql_fetch_array( $user );
class abc
{
var $u;
}
$script = new abc;
$script->u = $user[username];
?>
You really need to sort out the way you code, it's horrible.
Dentafrice,
14-10-2007, 12:28 PM
Its worse then mine... plus, why are you storing a password, in a session.. is it plaintext or encoded? Very bad security risk.
As long as its hashed its not a security risk. The only way you can access a session is via PHP or the server and if one of them is compromised then I think you have more to worry about than a hashed password stored in a session.
Its worse then mine... plus, why are you storing a password, in a session.. is it plaintext or encoded? Very bad security risk.
Dentafrice,
14-10-2007, 01:42 PM
True, but I was reading on sitepoint that using more then just an identifying variable (such as a username or userid) would be a potential security risk that you should just use that one variable to pull the information out and check it.
Actually doing that is more of a security risk. What if a hacker found a way to change that variable? He could theoretically could login as anyone he wanted. I would prefer to let the hacker have my hashed password as, assuming you are using salts, its useless in its current form and nearly impossible to crack.
True, but I was reading on sitepoint that using more then just an identifying variable (such as a username or userid) would be a potential security risk that you should just use that one variable to pull the information out and check it.
MD5 is quite easy to crack, i dont know about salts.
Dentafrice,
10-11-2007, 01:18 PM
You cannot crack MD5..
iTechnical
10-11-2007, 01:25 PM
You cannot crack MD5..
My cousin tried it. O.o
As Caleb said you can't.
Dentafrice,
10-11-2007, 01:27 PM
You can use rainbow tables, but other then that you need a big list of encoded MD5's.
Example:
Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592
You type in the 'cracker': 5d41402abc4b2a76b9719d911017c592
It searches through the database and finds:
Normal Text: hello
Md5 Hash: 5d41402abc4b2a76b9719d911017c592
It displays the Normal Text
Robbie
10-11-2007, 05:11 PM
Just like Hitman's big rainbow table he uses ;p
Want to hide these adverts? Register an account for free!
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.