[PHP-DB] PDO error
Hi. When using this example from http://netevil.org/talks/index.php?t=pdos=20, the site of pdo's author Wez Furlong, I get this error: Fatal error: Call to a member function fetchAll() on a non-object in /www/home/testes/pdo_my1.php on line 8 ?php $dbh = new PDO('mysql:host=localhost;dbname=dbtest', 'user', 'pass'); $stmt = $dbh-query(SELECT * FROM foo); $rows = $stmt-fetchAll(); $count = count($rows); foreach ($rows as $row) { print_r($row); } $stmt = null; ? What's wrong with the example? I'm using php 5.1.0-dev, yesterday snapshot. Greetings -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] User authentication and redirect
I think I need to explain my question better. I have a db and the table contains 4 fields uid(pk) username password location I can authenticate the user / pass properly. The problem I am having is getting the information from field location and defining it as $location so I can do the following: (when I make $redirectLoginSuccess = example.php all works fine) snip $redirectLoginSuccess = $location; $redirectLoginFailed = ../index.php; /snip snip } header(Location: . $redirectLoginSuccess ); } else { header(Location: . $redirectLoginFailed ); /snip Here is where I query the db snip $LoginRS__query=sprintf(SELECT username, password FROM webauth WHERE username='%s' AND password='%s', get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $mysql) or die(mysql_error()); /snip On the landing page im using this for security: ?php session_start(); $MM_authorizedUsers = ; $MM_donotCheckaccess = true; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(,, $strUsers); $arrGroups = Explode(,, $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == ) true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = ../index.php; if (!((isset($_SESSION['MM_Username'])) (isAuthorized(,$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'] { $MM_qsChar = ?; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, ?)) $MM_qsChar = ; if (isset($QUERY_STRING) strlen($QUERY_STRING) 0) $MM_referrer .= ? . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . accesscheck= . urlencode($MM_referrer); header(Location: . $MM_restrictGoTo); exit; } ? -Original Message- From: Ahmed Saad [mailto:[EMAIL PROTECTED] Sent: Thursday, July 14, 2005 8:34 AM To: Vinny Lape Cc: php-db@lists.php.net Subject: Re: [PHP-DB] User authentication and redirect hi Vinny, On 7/13/05, Vinny Lape [EMAIL PROTECTED] wrote: If user validates then look at db entry location then redirect to mydomain.com/location/index.php i don't think it's a good idea. what if the user bookmarked or took down a notice with the URL to your secured page (mydomain.com/location/index.php)? then he would just type the url heading directly for the bypassing your login page! i think u might want to put the user authorization code in your index php or even better put it in a file and require() that file at the top of of any page u want to protect. you can either use sessions or plain HTTP authentication (which is not a very good idea). -ahmed -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP-DB] User authentication and redirect
I can't see why you simply dont do this if ($LoginSuccessful) { $location = ; }else{ $location = ../index.php; } header(location=$location); If i don't have the solution, perhaps I am misunderstanding the problem Bastien From: Vinny Lape [EMAIL PROTECTED] To: php-db@lists.php.net Subject: RE: [PHP-DB] User authentication and redirect Date: Fri, 15 Jul 2005 09:01:52 -0400 I think I need to explain my question better. I have a db and the table contains 4 fields uid(pk) username password location I can authenticate the user / pass properly. The problem I am having is getting the information from field location and defining it as $location so I can do the following: (when I make $redirectLoginSuccess = example.php all works fine) snip $redirectLoginSuccess = $location; $redirectLoginFailed = ../index.php; /snip snip } header(Location: . $redirectLoginSuccess ); } else { header(Location: . $redirectLoginFailed ); /snip Here is where I query the db snip $LoginRS__query=sprintf(SELECT username, password FROM webauth WHERE username='%s' AND password='%s', get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $mysql) or die(mysql_error()); /snip On the landing page im using this for security: ?php session_start(); $MM_authorizedUsers = ; $MM_donotCheckaccess = true; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(,, $strUsers); $arrGroups = Explode(,, $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == ) true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = ../index.php; if (!((isset($_SESSION['MM_Username'])) (isAuthorized(,$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'] { $MM_qsChar = ?; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, ?)) $MM_qsChar = ; if (isset($QUERY_STRING) strlen($QUERY_STRING) 0) $MM_referrer .= ? . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . accesscheck= . urlencode($MM_referrer); header(Location: . $MM_restrictGoTo); exit; } ? -Original Message- From: Ahmed Saad [mailto:[EMAIL PROTECTED] Sent: Thursday, July 14, 2005 8:34 AM To: Vinny Lape Cc: php-db@lists.php.net Subject: Re: [PHP-DB] User authentication and redirect hi Vinny, On 7/13/05, Vinny Lape [EMAIL PROTECTED] wrote: If user validates then look at db entry location then redirect to mydomain.com/location/index.php i don't think it's a good idea. what if the user bookmarked or took down a notice with the URL to your secured page (mydomain.com/location/index.php)? then he would just type the url heading directly for the bypassing your login page! i think u might want to put the user authorization code in your index php or even better put it in a file and require() that file at the top of of any page u want to protect. you can either use sessions or plain HTTP authentication (which is not a very good idea). -ahmed -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[suspicious - maybe spam] [PHP-DB] [suspicious - maybe spam] make your lady feels like a real ��lady��, give her ladys quartz by frank mullers .
you desire the finest ones from rolexes, cartiers, bvlgaries, frankmullers, harry winstons, breguets, jaeger-lecoultre, brietilings, tagheuers and tudors. with the same features, setting, logo, serialnumber, stainlessteelbody, sapphire crystal surface, they are classic. you will also flnd out how affordable the prices are. you might even vvant 2 or 3 watches for your collections. http://x8.wosr.preferredtosave.com/b4i/ or farther up the town? as a thing of course that they should dine with them. answered. Heaven is as boundless as the love of our Creator; the dumb animal is also His creature, and I firmly believe that no life will be lost, but each will receive as much happiness as he can enjoy, which will be sufficient for him. `My God! what cold hands!' he said. -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP-DB] User authentication and redirect
Bastien Koert wrote: I can't see why you simply dont do this if ($LoginSuccessful) { $location = ; }else{ $location = ../index.php; } header(location=$location); If i don't have the solution, perhaps I am misunderstanding the problem Bastien From: Vinny Lape [EMAIL PROTECTED] To: php-db@lists.php.net Subject: RE: [PHP-DB] User authentication and redirect Date: Fri, 15 Jul 2005 09:01:52 -0400 I think I need to explain my question better. I have a db and the table contains 4 fields uid(pk) username password location I can authenticate the user / pass properly. The problem I am having is getting the information from field location and defining it as $location so I can do the following: (when I make $redirectLoginSuccess = example.php all works fine) snip $redirectLoginSuccess = $location; $redirectLoginFailed = ../index.php; /snip snip } header(Location: . $redirectLoginSuccess ); } else { header(Location: . $redirectLoginFailed ); /snip Here is where I query the db snip $LoginRS__query=sprintf(SELECT username, password FROM webauth WHERE username='%s' AND password='%s', get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password)); $LoginRS = mysql_query($LoginRS__query, $mysql) or die(mysql_error()); /snip On the landing page im using this for security: ?php session_start(); $MM_authorizedUsers = ; $MM_donotCheckaccess = true; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(,, $strUsers); $arrGroups = Explode(,, $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == ) true) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = ../index.php; if (!((isset($_SESSION['MM_Username'])) (isAuthorized(,$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'] { $MM_qsChar = ?; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, ?)) $MM_qsChar = ; if (isset($QUERY_STRING) strlen($QUERY_STRING) 0) $MM_referrer .= ? . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . accesscheck= . urlencode($MM_referrer); header(Location: . $MM_restrictGoTo); exit; } ? -Original Message- From: Ahmed Saad [mailto:[EMAIL PROTECTED] Sent: Thursday, July 14, 2005 8:34 AM To: Vinny Lape Cc: php-db@lists.php.net Subject: Re: [PHP-DB] User authentication and redirect hi Vinny, On 7/13/05, Vinny Lape [EMAIL PROTECTED] wrote: If user validates then look at db entry location then redirect to mydomain.com/location/index.php i don't think it's a good idea. what if the user bookmarked or took down a notice with the URL to your secured page (mydomain.com/location/index.php)? then he would just type the url heading directly for the bypassing your login page! i think u might want to put the user authorization code in your index php or even better put it in a file and require() that file at the top of of any page u want to protect. you can either use sessions or plain HTTP authentication (which is not a very good idea). -ahmed -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php you shouldn't do that (in my opinion) because of the following scenario: Bob needs access from a shared terminal. Bob puts in his (authorized) login information, and then bookmarks the resulting page. Fred comes along. Fred is not authorized to access the database. Fred follows the link out of curiosity, finds sensitive information, and either deletes it all, sells it to a competitor, or otherwise screws with it because he is bitter that he is being severly underpaid, all using either Bob's session information, or no session information, depending on how the session is set to expire. The best option is to put the login and login check functions in a file, include that file at the beginning of all your scripts which need access control, and then put the following code at the beginning of the script: if(login_check($user, $pass) { //allow access, main script body here } else { //deny access echo you