Results 1 to 19 of 19

Thread: [RESOLVED] Fatal error: Function name must be a string in

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Resolved [RESOLVED] Fatal error: Function name must be a string in

    Hi I am trying to figure out how some code works but unfortunately the original code was poorly formatted
    PHP Code:
    $q "select password from users where username = '$username'";

       
    $result mysql_query($q,$conn);

       if(!
    $result(mysql_numrows($result) < 1)){  // Affected line

          
    return 1//Indicates username failure

       

    Would be glad to find out whats wrong and a possible work around.
    Last edited by tendemo; Mar 31st, 2015 at 01:56 PM.

  2. #2
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    well i dont see any error but your title says otherwise? so whats the problem here ? the only thing that i can mention is mysql that is deprecated .
    if you could be more specific maybe we can help you
    let me add this too that i didnt see any function named "name"
    try too paste the whole code
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Many Thanks for the reply here is the code
    PHP Code:
    <?

    /**
     * Checks whether or not the given username is in the

     * database, if so it checks if the given password is

     * the same password in the database for that user.

     * If the user doesn't exist or if the passwords don't

     * match up, it returns an error code (1 or 2). 

     * On success it returns 0.

     */

    function confirmUser($username, $password){

       global $conn;

       /* Add slashes if necessary (for query) */

       if(!get_magic_quotes_gpc()) {

        $username = addslashes($username);

       }

    /* Verify that user is in database */
       $q = "select password from users where username = '$username'";

       $result = mysql_query($q,$conn);

       if(!$result(mysql_numrows($result) < 1)){

          return 1; //Indicates username failure

       }

    /* Retrieve password from result, strip slashes */
       $dbarray = mysql_fetch_array($result);

       $dbarray['password']  = stripslashes($dbarray['password']);

       $password = stripslashes($password);

    /* Validate that password is correct */
       if($password == $dbarray['password']){

          return 0; //Success! Username and password confirmed

       }

       else{

          return 2; //Indicates password failure

       }

    }

    /**
     * checkLogin - Checks if the user has already previously

     * logged in, and a session with the user has already been

     * established. Also checks to see if user has been remembered.

     * If so, the database is queried to make sure of the user's 

     * authenticity. Returns true if the user has logged in.

     */

    function checkLogin(){

       /* Check if user has been remembered */

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){

          $_SESSION['username'] = $_COOKIE['cookname'];

          $_SESSION['password'] = $_COOKIE['cookpass'];

       }

    /* Username and password have been set */
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){

          /* Confirm that username and password are valid */

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){

             /* Variables are incorrect, user not logged in */

             unset($_SESSION['username']);

             unset($_SESSION['password']);

             return false;

          }

          return true;

       }

       /* User not logged in */

       else{

          return false;

       }

    }

    /**
     * Determines whether or not to display the login

     * form or to show the user that he is logged in

     * based on if the session variables are set.

     */

    function displayLogin(){

       global $logged_in;

       if($logged_in){

          echo "<h1>Logged In!</h1>";

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";

       }

       else{

    ?>

    <h1>Login</h1>
    <form action="" method="post">

    <table align="left" border="0" cellspacing="0" cellpadding="3">

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember">

    <font size="2">Remember me next time</td></tr>

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>

    </table>

    </form>

    <?
       }

    }

    /**

     * Checks to see if the user has submitted his

     * username and password through the login form,

     * if so, checks authenticity in database and

     * creates session.

     */

    if(isset($_POST['sublogin'])){

       /* Check that all fields were typed in */

       if(!$_POST['user']  ||  !$_POST['pass']){

          die('You didn\'t fill in a required field.');

       }

       /* Spruce up username, check length */

       $_POST['user'] = trim($_POST['user']);

       if(strlen($_POST['user']) > 30){

          die("Sorry, the username is longer than 30 characters, please shorten it.");

       }

    /* Checks that username is in database and password is correct */
       $md5pass = md5($_POST['pass']);

       $result = confirmUser($_POST['user'], $md5pass);

    /* Check error codes */
       if($result == 1){

          die('That username doesn\'t exist in our database.');

       }

       else if($result == 2){

          die('Incorrect password, please try again.');

       }

    /* Username and password correct, register session variables */
       $_POST['user'] = stripslashes($_POST['user']);

       $_SESSION['username'] = $_POST['user'];

       $_SESSION['password'] = $md5pass;

    /**
        * This is the cool part: the user has requested that we remember that

        * he's logged in, so we set two cookies. One to hold his username,

        * and one to hold his md5 encrypted password. We set them both to

        * expire in 100 days. Now, next time he comes to our site, we will

        * log him in automatically.

        */

       if(isset($_POST['remember'])){

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");

       }

    /* Quick self-redirect to avoid resending data on refresh */
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";

       return;

    }

    /* Sets the value of the logged_in variable, which can be used in your code */
    $logged_in = checkLogin();

    ?>

  4. #4
    PowerPoster kfcSmitty's Avatar
    Join Date
    May 2005
    Posts
    2,204

    Re: Fatal error: Function name must be a string in

    What error are you getting?

    Just a quick look at it shows that you're possibly vulnerable to SQL injection, and you allow a user to login if their username matches more than one user in the database.

    It also looks like you're storing the users username and password in a cookie, which is definitely bad practice, even more so since it doesn't like you're using secure cookies.

    You also shouldn't just be using md5 to hash your passwords in your database. MD5 has been shown to have collisions and so it is more recommended to do something like a SHA256 or 512 with a salt.

    But I'm rambling..... so I go back to my initial statement... What error are you getting?

  5. #5
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    Code:
     if($logged_in){ 
    
          echo "<h1>Logged In!</h1>"; 
    
          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";
    caught a syntax error
    Code:
    $_SESSION['username']
    i did a quick look too
    but as kfcsmitty said what is the error ?
    where is the name function ! its really o_O!!!!!!
    Last edited by Pc Monk; Mar 31st, 2015 at 03:09 PM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  6. #6

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Concerning what error I get is "Fatal error: Function name must be a string in line 35"
    Line 35
    reads Fatal error: Function name must be a string in
    Concerning where is the name find the reference as to where I got the code as I was trying to use it as an example to find out how it works.
    See full code reference I using here
    http://evolt.org/php_login_script_wi...er_me_feature/
    Thanks again
    Last edited by tendemo; Mar 31st, 2015 at 03:21 PM. Reason: typo error

  7. #7
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    just edit that piece of it and run it for me
    its like a hunch u know
    Code:
    if ($result = mysql_query($q,$conn)) {
    echo  mysql_error();
    }
    else {
    die('its okay');
    }
    If(!$result(mysql_numrows($result) < 1)){
    return 1;*//Indicates*username*failure*
    
    }
    Last edited by Pc Monk; Mar 31st, 2015 at 04:15 PM. Reason: after all this dirty work
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  8. #8

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Hi I just ran the script that you gave an received the following error
    Code:
    Parse error: syntax error, unexpected '*' in /home/tighrebu/public_html/bea/test.php on line 1
    Thanks

  9. #9
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    well i dont know which one u ran after all that ..... ******* try this
    PHP Code:
    <? 

    /** 
     * Checks whether or not the given username is in the 

     * database, if so it checks if the given password is 

     * the same password in the database for that user. 

     * If the user doesn't exist or if the passwords don't 

     * match up, it returns an error code (1 or 2).  

     * On success it returns 0. 

     */ 

    function confirmUser($username, $password){ 

       global $conn; 

       /* Add slashes if necessary (for query) */ 

       if(!get_magic_quotes_gpc()) { 

        $username = addslashes($username); 

       } 

    /* Verify that user is in database */ 
       $q = "select password from users where username = '$username'"; 

       if  ($result = mysql_query($q,$conn)) {

    echo mysql_error();
        }
        else{
        die(‘finaly’);
        } 

       if(!$result(mysql_numrows($result) < 1)){ 

          return 1; //Indicates username failure 

       } 

    /* Retrieve password from result, strip slashes */ 
       $dbarray = mysql_fetch_array($result); 

       $dbarray['password']  = stripslashes($dbarray['password']); 

       $password = stripslashes($password); 

    /* Validate that password is correct */ 
       if($password == $dbarray['password']){ 

          return 0; //Success! Username and password confirmed 

       } 

       else{ 

          return 2; //Indicates password failure 

       } 



    /** 
     * checkLogin - Checks if the user has already previously 

     * logged in, and a session with the user has already been 

     * established. Also checks to see if user has been remembered. 

     * If so, the database is queried to make sure of the user's  

     * authenticity. Returns true if the user has logged in. 

     */ 

    function checkLogin(){ 

       /* Check if user has been remembered */ 

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ 

          $_SESSION['username'] = $_COOKIE['cookname']; 

          $_SESSION['password'] = $_COOKIE['cookpass']; 

       } 

    /* Username and password have been set */ 
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){ 

          /* Confirm that username and password are valid */ 

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ 

             /* Variables are incorrect, user not logged in */ 

             unset($_SESSION['username']); 

             unset($_SESSION['password']); 

             return false; 

          } 

          return true; 

       } 

       /* User not logged in */ 

       else{ 

          return false; 

       } 



    /** 
     * Determines whether or not to display the login 

     * form or to show the user that he is logged in 

     * based on if the session variables are set. 

     */ 

    function displayLogin(){ 

       global $logged_in; 

       if($logged_in){ 

          echo "<h1>Logged In!</h1>"; 

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; 

       } 

       else{ 

    ?> 

    <h1>Login</h1> 
    <form action="" method="post"> 

    <table align="left" border="0" cellspacing="0" cellpadding="3"> 

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> 

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> 

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> 

    <font size="2">Remember me next time</td></tr> 

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> 

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> 

    </table> 

    </form> 

    <? 
       } 



    /** 

     * Checks to see if the user has submitted his 

     * username and password through the login form, 

     * if so, checks authenticity in database and 

     * creates session. 

     */ 

    if(isset($_POST['sublogin'])){ 

       /* Check that all fields were typed in */ 

       if(!$_POST['user']  ||  !$_POST['pass']){ 

          die('You didn\'t fill in a required field.'); 

       } 

       /* Spruce up username, check length */ 

       $_POST['user'] = trim($_POST['user']); 

       if(strlen($_POST['user']) > 30){ 

          die("Sorry, the username is longer than 30 characters, please shorten it."); 

       } 

    /* Checks that username is in database and password is correct */ 
       $md5pass = md5($_POST['pass']); 

       $result = confirmUser($_POST['user'], $md5pass); 

    /* Check error codes */ 
       if($result == 1){ 

          die('That username doesn\'t exist in our database.'); 

       } 

       else if($result == 2){ 

          die('Incorrect password, please try again.'); 

       } 

    /* Username and password correct, register session variables */ 
       $_POST['user'] = stripslashes($_POST['user']); 

       $_SESSION['username'] = $_POST['user']; 

       $_SESSION['password'] = $md5pass; 

    /** 
        * This is the cool part: the user has requested that we remember that 

        * he's logged in, so we set two cookies. One to hold his username, 

        * and one to hold his md5 encrypted password. We set them both to 

        * expire in 100 days. Now, next time he comes to our site, we will 

        * log him in automatically. 

        */ 

       if(isset($_POST['remember'])){ 

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); 

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); 

       } 

    /* Quick self-redirect to avoid resending data on refresh */ 
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 

       return; 



    /* Sets the value of the logged_in variable, which can be used in your code */ 
    $logged_in = checkLogin(); 

    ?>
    and that was just * u had to remove from line 1 from test.php anyway
    Last edited by Pc Monk; Mar 31st, 2015 at 04:24 PM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  10. #10

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Sorry ignore Let me try and correct then send what I have just some quick typos . Will send the results .Thanks
    Quote Originally Posted by tendemo View Post
    Hi I just ran the script that you gave an received the following error
    Code:
    Parse error: syntax error, unexpected '*' in /home/tighrebu/public_html/bea/test.php on line 1
    Thanks

  11. #11

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Okay Ater adding the code I got this
    PHP Code:
    <?

    /**
     * Checks whether or not the given username is in the

     * database, if so it checks if the given password is

     * the same password in the database for that user.

     * If the user doesn't exist or if the passwords don't

     * match up, it returns an error code (1 or 2). 

     * On success it returns 0.

     */

    function confirmUser($username, $password){

       global $conn;

       /* Add slashes if necessary (for query) */

       if(!get_magic_quotes_gpc()) {

        $username = addslashes($username);

       }

    /* Verify that user is in database */
       if ($result = mysql_query($q,$conn)) {
         echo  mysql_error();
        }
        else {
        die('its okay');
        }
       If(!$result(mysql_numrows($result) < 1)){
        return 1;   /*Indicates*username*failure*/

    }

       }

    /* Retrieve password from result, strip slashes */
       $dbarray = mysql_fetch_array($result);

       $dbarray['password']  = stripslashes($dbarray['password']);

       $password = stripslashes($password);

    /* Validate that password is correct */
       if($password == $dbarray['password']){

          return 0; //Success! Username and password confirmed

       }

       else{

          return 2; //Indicates password failure

       }

     //  }

    /**
     * checkLogin - Checks if the user has already previously

     * logged in, and a session with the user has already been

     * established. Also checks to see if user has been remembered.

     * If so, the database is queried to make sure of the user's 

     * authenticity. Returns true if the user has logged in.

     */

    function checkLogin(){

       /* Check if user has been remembered */

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){

          $_SESSION['username'] = $_COOKIE['cookname'];

          $_SESSION['password'] = $_COOKIE['cookpass'];

       }

    /* Username and password have been set */
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){

          /* Confirm that username and password are valid */

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){

             /* Variables are incorrect, user not logged in */

             unset($_SESSION['username']);

             unset($_SESSION['password']);

             return false;

          }

          return true;

       }

       /* User not logged in */

       else{

          return false;

       }

    }

    /**
     * Determines whether or not to display the login

     * form or to show the user that he is logged in

     * based on if the session variables are set.

     */

    function displayLogin(){

       global $logged_in;

       if($logged_in){

          echo "<h1>Logged In!</h1>";

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>";

       }

       else{

    ?>

    <h1>Login</h1>
    <form action="" method="post">

    <table align="left" border="0" cellspacing="0" cellpadding="3">

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr>

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr>

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember">

    <font size="2">Remember me next time</td></tr>

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr>

    </table>

    </form>

    <?
       }

    }

    /**

     * Checks to see if the user has submitted his

     * username and password through the login form,

     * if so, checks authenticity in database and

     * creates session.

     */

    if(isset($_POST['sublogin'])){

       /* Check that all fields were typed in */

       if($_POST['!user']  ||  $_POST['!pass']){

          die('You didn\'t fill in a required field.');

       }

       /* Spruce up username, check length */

       $_POST['user'] = trim($_POST['user']);

       if(strlen($_POST['user']) > 30){

          die("Sorry, the username is longer than 30 characters, please shorten it.");

       }

    /* Checks that username is in database and password is correct */
       $md5pass = md5($_POST['pass']);

       $result = confirmUser($_POST['user'], $md5pass);

    /* Check error codes */
       if($result == 1){

          die('That username doesn\'t exist in our database.');

       }

       else if($result == 2){

          die('Incorrect password, please try again.');

       }

    /* Username and password correct, register session variables */
       $_POST['user'] = stripslashes($_POST['user']);

       $_SESSION['username'] = $_POST['user'];

       $_SESSION['password'] = $md5pass;

    /**
        * This is the cool part: the user has requested that we remember that

        * he's logged in, so we set two cookies. One to hold his username,

        * and one to hold his md5 encrypted password. We set them both to

        * expire in 100 days. Now, next time he comes to our site, we will

        * log him in automatically.

        */

       if(isset($_POST['remember'])){

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");

       }

    /* Quick self-redirect to avoid resending data on refresh */
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";

       return;

    }

    /* Sets the value of the logged_in variable, which can be used in your code */
    $logged_in = checkLogin();

    ?>
    Now I have an error that states
    Code:
     Warning: mysql_fetch_array() expects parameter 1 to be resource, null given in /home/tighrebu/public_html/bea/login.php on line 45
    Line 45 is
    Code:
     $dbarray = mysql_fetch_array($result);

  12. #12
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    try this

    PHP Code:
    <? 

    /** 
     * Checks whether or not the given username is in the 

     * database, if so it checks if the given password is 

     * the same password in the database for that user. 

     * If the user doesn't exist or if the passwords don't 

     * match up, it returns an error code (1 or 2).  

     * On success it returns 0. 

     */ 

    function confirmUser($username, $password){ 

       global $conn; 

       /* Add slashes if necessary (for query) */ 

       if(!get_magic_quotes_gpc()) { 

        $username = addslashes($username); 

       } 

    /* Verify that user is in database */ 
       $q = "select password from users where username = '$username'"; 

       if  ($result = mysql_query($q,$conn)) {

    echo "lets try it agian";
    echo mysql_error();
    }
    else{
    die('finaly');


       if(!$result(mysql_numrows($result) < 1)){

     
     echo "I want it here again".$result."<br>";
          return 1; //Indicates username failure 

       } 
    echo "I want it here again".$result."<br>";
    /* Retrieve password from result, strip slashes */ 
       $dbarray = mysql_fetch_array($result); 
    echo "I want it here again".$result."<br>";
       $dbarray['password']  = stripslashes($dbarray['password']); 

       $password = stripslashes($password); 

    /* Validate that password is correct */ 
       if($password == $dbarray['password']){ 

          return 0; //Success! Username and password confirmed 

       } 

       else{ 

          return 2; //Indicates password failure 

       } 



    /** 
     * checkLogin - Checks if the user has already previously 

     * logged in, and a session with the user has already been 

     * established. Also checks to see if user has been remembered. 

     * If so, the database is queried to make sure of the user's  

     * authenticity. Returns true if the user has logged in. 

     */ 

    function checkLogin(){ 

       /* Check if user has been remembered */ 

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ 

          $_SESSION['username'] = $_COOKIE['cookname']; 

          $_SESSION['password'] = $_COOKIE['cookpass']; 

       } 

    /* Username and password have been set */ 
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){ 

          /* Confirm that username and password are valid */ 

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ 

             /* Variables are incorrect, user not logged in */ 

             unset($_SESSION['username']); 

             unset($_SESSION['password']); 

             return false; 

          } 

          return true; 

       } 

       /* User not logged in */ 

       else{ 

          return false; 

       } 



    /** 
     * Determines whether or not to display the login 

     * form or to show the user that he is logged in 

     * based on if the session variables are set. 

     */ 

    function displayLogin(){ 

       global $logged_in; 

       if($logged_in){ 

          echo "<h1>Logged In!</h1>"; 

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; 

       } 

       else{ 

    ?> 

    <h1>Login</h1> 
    <form action="" method="post"> 

    <table align="left" border="0" cellspacing="0" cellpadding="3"> 

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> 

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> 

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> 

    <font size="2">Remember me next time</td></tr> 

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> 

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> 

    </table> 

    </form> 

    <? 
       } 



    /** 

     * Checks to see if the user has submitted his 

     * username and password through the login form, 

     * if so, checks authenticity in database and 

     * creates session. 

     */ 

    if(isset($_POST['sublogin'])){ 

       /* Check that all fields were typed in */ 

       if(!$_POST['user']  ||  !$_POST['pass']){ 

          die('You didn\'t fill in a required field.'); 

       } 

       /* Spruce up username, check length */ 

       $_POST['user'] = trim($_POST['user']); 

       if(strlen($_POST['user']) > 30){ 

          die("Sorry, the username is longer than 30 characters, please shorten it."); 

       } 

    /* Checks that username is in database and password is correct */ 
       $md5pass = md5($_POST['pass']); 

       $result = confirmUser($_POST['user'], $md5pass); 

    /* Check error codes */ 
       if($result == 1){ 

          die('That username doesn\'t exist in our database.'); 

       } 

       else if($result == 2){ 

          die('Incorrect password, please try again.'); 

       } 

    /* Username and password correct, register session variables */ 
       $_POST['user'] = stripslashes($_POST['user']); 

       $_SESSION['username'] = $_POST['user']; 

       $_SESSION['password'] = $md5pass; 

    /** 
        * This is the cool part: the user has requested that we remember that 

        * he's logged in, so we set two cookies. One to hold his username, 

        * and one to hold his md5 encrypted password. We set them both to 

        * expire in 100 days. Now, next time he comes to our site, we will 

        * log him in automatically. 

        */ 

       if(isset($_POST['remember'])){ 

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); 

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); 

       } 

    /* Quick self-redirect to avoid resending data on refresh */ 
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 

       return; 



    /* Sets the value of the logged_in variable, which can be used in your code */ 
    $logged_in = checkLogin(); 

    ?>
    and are you trying to get the password out ?
    + is the password encrypted ? what kind of encryption ?
    Last edited by Pc Monk; Mar 31st, 2015 at 05:12 PM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  13. #13

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Hmm let me put it this way. I have a landing page index.html . When a user reaches there he can either log in or sign up. However once a user has signed up, if the user returns to the index page at any other time , they should be redirected to a main page which also has their credentials stored in some variables.
    I want the user to be automatically logged in once they return, hence no need for login or registration except they change their computer.
    Hope it makes sense.

  14. #14

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Okay tried it and got stuck here
    Code:
     Parse error: syntax error, unexpected 'password' (T_STRING) in /home/tighrebu/public_html/bea/test3.php on line 53
    here is the line
    Code:
    $dbarray['password']  = stripslashes($dbarray['password']);
    I ran it as
    Code:
     test3.php

  15. #15
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    well i could get dreamweaver now but the localhost no chance
    and tell me what was the output of the last code please
    and after that try this ! a new way hope it works
    PHP Code:
    <? 

    /** 
     * Checks whether or not the given username is in the 

     * database, if so it checks if the given password is 

     * the same password in the database for that user. 

     * If the user doesn't exist or if the passwords don't 

     * match up, it returns an error code (1 or 2).  

     * On success it returns 0. 

     */ 

    function confirmUser($username, $password){ 

       global $conn; 

       /* Add slashes if necessary (for query) */ 

       if(!get_magic_quotes_gpc()) { 

        $username = addslashes($username); 

       } 

    /* Verify that user is in database */ 
       $q = "select password from users where username = '$username'"; 

       if  ($result = mysql_query($q,$conn)) {

    echo "lets try it agian";
    echo mysql_error();
    }
    else{
    die('finaly');


       $while(dbarray=mysql_fetch_assoc($result)) {
         $dbpsswd = $dbarray['password'];
       echo $dbpswd."this is it";
       
     }
        $dbarray['password']  = stripslashes($dbarray['password']); 
    $dbwout = stripsplashes($dbpwssd);
    echo "this is mine".$dbwout;
    echo " this is yours".$dbarray['password'];
       $password = stripslashes($password); 
                    
                      echo $password."this is user";
    /* Validate that password is correct */ 
       if($password == $dbarray['password']){ 

          return 0; //Success! Username and password confirmed 

       } 

       else{ 

          return 2; //Indicates password failure 

       } 



    /** 
     * checkLogin - Checks if the user has already previously 

     * logged in, and a session with the user has already been 

     * established. Also checks to see if user has been remembered. 

     * If so, the database is queried to make sure of the user's  

     * authenticity. Returns true if the user has logged in. 

     */ 

    function checkLogin(){ 

       /* Check if user has been remembered */ 

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ 

          $_SESSION['username'] = $_COOKIE['cookname']; 

          $_SESSION['password'] = $_COOKIE['cookpass']; 

       } 

    /* Username and password have been set */ 
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){ 

          /* Confirm that username and password are valid */ 

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ 

             /* Variables are incorrect, user not logged in */ 

             unset($_SESSION['username']); 

             unset($_SESSION['password']); 

             return false; 

          } 

          return true; 

       } 

       /* User not logged in */ 

       else{ 

          return false; 

       } 



    /** 
     * Determines whether or not to display the login 

     * form or to show the user that he is logged in 

     * based on if the session variables are set. 

     */ 

    function displayLogin(){ 

       global $logged_in; 

       if($logged_in){ 

          echo "<h1>Logged In!</h1>"; 

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; 

       } 

       else{ 

    ?> 

    <h1>Login</h1> 
    <form action="" method="post"> 

    <table align="left" border="0" cellspacing="0" cellpadding="3"> 

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> 

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> 

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> 

    <font size="2">Remember me next time</td></tr> 

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> 

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> 

    </table> 

    </form> 

    <? 
       } 



    /** 

     * Checks to see if the user has submitted his 

     * username and password through the login form, 

     * if so, checks authenticity in database and 

     * creates session. 

     */ 

    if(isset($_POST['sublogin'])){ 

       /* Check that all fields were typed in */ 

       if(!$_POST['user']  ||  !$_POST['pass']){ 

          die('You didn\'t fill in a required field.'); 

       } 

       /* Spruce up username, check length */ 

       $_POST['user'] = trim($_POST['user']); 

       if(strlen($_POST['user']) > 30){ 

          die("Sorry, the username is longer than 30 characters, please shorten it."); 

       } 

    /* Checks that username is in database and password is correct */ 
       $md5pass = md5($_POST['pass']); 

       $result = confirmUser($_POST['user'], $md5pass); 

    /* Check error codes */ 
       if($result == 1){ 

          die('That username doesn\'t exist in our database.'); 

       } 

       else if($result == 2){ 

          die('Incorrect password, please try again.'); 

       } 

    /* Username and password correct, register session variables */ 
       $_POST['user'] = stripslashes($_POST['user']); 

       $_SESSION['username'] = $_POST['user']; 

       $_SESSION['password'] = $md5pass; 

    /** 
        * This is the cool part: the user has requested that we remember that 

        * he's logged in, so we set two cookies. One to hold his username, 

        * and one to hold his md5 encrypted password. We set them both to 

        * expire in 100 days. Now, next time he comes to our site, we will 

        * log him in automatically. 

        */ 

       if(isset($_POST['remember'])){ 

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); 

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); 

       } 

    /* Quick self-redirect to avoid resending data on refresh */ 
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 

       return; 



    /* Sets the value of the logged_in variable, which can be used in your code */ 
    $logged_in = checkLogin(); 

    ?>
    AND HERE IT COMES ANOTHER EDIT AFTER I SAW UR POST

    PHP Code:
    <? 

    /** 
     * Checks whether or not the given username is in the 

     * database, if so it checks if the given password is 

     * the same password in the database for that user. 

     * If the user doesn't exist or if the passwords don't 

     * match up, it returns an error code (1 or 2).  

     * On success it returns 0. 

     */ 

    function confirmUser($username, $password){ 

       global $conn; 

       /* Add slashes if necessary (for query) */ 

       if(!get_magic_quotes_gpc()) { 

        $username = addslashes($username); 

       } 

    /* Verify that user is in database */ 
       $q = "select password from users where username = '$username'"; 

       if  ($result = mysql_query($q,$conn)) {

    echo "lets try it agian";
    echo mysql_error();
    }
    else{
    die('finaly');


      while($dbarray=mysql_fetch_assoc($result)) {
         $dbpsswd = $dbarray['password'];
       echo $dbpswd."this is it";
       
     }
       
    $dbwout = stripsplashes($dbpwssd);
    echo "this is mine".$dbwout;
    echo " this is yours".$dbarray['password'];
       $password = stripslashes($password); 
                    
                      echo $password."this is user";
    /* Validate that password is correct */ 
       if($password == $dbwpout){ 

          return 0; //Success! Username and password confirmed 

       } 

       else{ 

          return 2; //Indicates password failure 

       } 



    /** 
     * checkLogin - Checks if the user has already previously 

     * logged in, and a session with the user has already been 

     * established. Also checks to see if user has been remembered. 

     * If so, the database is queried to make sure of the user's  

     * authenticity. Returns true if the user has logged in. 

     */ 

    function checkLogin(){ 

       /* Check if user has been remembered */ 

       if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ 

          $_SESSION['username'] = $_COOKIE['cookname']; 

          $_SESSION['password'] = $_COOKIE['cookpass']; 

       } 

    /* Username and password have been set */ 
       if(isset($_SESSION['username']) && isset($_SESSION['password'])){ 

          /* Confirm that username and password are valid */ 

          if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){ 

             /* Variables are incorrect, user not logged in */ 

             unset($_SESSION['username']); 

             unset($_SESSION['password']); 

             return false; 

          } 

          return true; 

       } 

       /* User not logged in */ 

       else{ 

          return false; 

       } 



    /** 
     * Determines whether or not to display the login 

     * form or to show the user that he is logged in 

     * based on if the session variables are set. 

     */ 

    function displayLogin(){ 

       global $logged_in; 

       if($logged_in){ 

          echo "<h1>Logged In!</h1>"; 

          echo "Welcome <b>$_SESSION[username]</b>, you are logged in. <a href=\"logout.php\">Logout</a>"; 

       } 

       else{ 

    ?> 

    <h1>Login</h1> 
    <form action="" method="post"> 

    <table align="left" border="0" cellspacing="0" cellpadding="3"> 

    <tr><td>Username:</td><td><input type="text" name="user" maxlength="30"></td></tr> 

    <tr><td>Password:</td><td><input type="password" name="pass" maxlength="30"></td></tr> 

    <tr><td colspan="2" align="left"><input type="checkbox" name="remember"> 

    <font size="2">Remember me next time</td></tr> 

    <tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr> 

    <tr><td colspan="2" align="left"><a href="register.php">Join</a></td></tr> 

    </table> 

    </form> 

    <? 
       } 



    /** 

     * Checks to see if the user has submitted his 

     * username and password through the login form, 

     * if so, checks authenticity in database and 

     * creates session. 

     */ 

    if(isset($_POST['sublogin'])){ 

       /* Check that all fields were typed in */ 

       if(!$_POST['user']  ||  !$_POST['pass']){ 

          die('You didn\'t fill in a required field.'); 

       } 

       /* Spruce up username, check length */ 

       $_POST['user'] = trim($_POST['user']); 

       if(strlen($_POST['user']) > 30){ 

          die("Sorry, the username is longer than 30 characters, please shorten it."); 

       } 

    /* Checks that username is in database and password is correct */ 
       $md5pass = md5($_POST['pass']); 

       $result = confirmUser($_POST['user'], $md5pass); 

    /* Check error codes */ 
       if($result == 1){ 

          die('That username doesn\'t exist in our database.'); 

       } 

       else if($result == 2){ 

          die('Incorrect password, please try again.'); 

       } 

    /* Username and password correct, register session variables */ 
       $_POST['user'] = stripslashes($_POST['user']); 

       $_SESSION['username'] = $_POST['user']; 

       $_SESSION['password'] = $md5pass; 

    /** 
        * This is the cool part: the user has requested that we remember that 

        * he's logged in, so we set two cookies. One to hold his username, 

        * and one to hold his md5 encrypted password. We set them both to 

        * expire in 100 days. Now, next time he comes to our site, we will 

        * log him in automatically. 

        */ 

       if(isset($_POST['remember'])){ 

          setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/"); 

          setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); 

       } 

    /* Quick self-redirect to avoid resending data on refresh */ 
       echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; 

       return; 



    /* Sets the value of the logged_in variable, which can be used in your code */ 
    $logged_in = checkLogin(); 

    ?>
    Last edited by Pc Monk; Mar 31st, 2015 at 06:17 PM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  16. #16

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Second to last one gives me
    Code:
     Parse error: syntax error, unexpected '=' in /home/tighrebu/public_html/bea/post15.php on line 42
    The last one gives a totally Blank page !

  17. #17
    Addicted Member Pc Monk's Avatar
    Join Date
    Feb 2010
    Posts
    188

    Re: Fatal error: Function name must be a string in

    can you use mysql_connect into this page and remove the $conn part in our query here :
    PHP Code:

    function confirmUser($username$password){ 

       global 
    $conn

       
    /* Add slashes if necessary (for query) */ 

       
    if(!get_magic_quotes_gpc()) { 

        
    $username addslashes($username); 

       } 

    /* Verify that user is in database */ 
       
    $q "select password from users where username = '$username'"

       if  (
    $result mysql_query($q,$conn)) {

    echo 
    "lets try it agian";
    echo 
    mysql_error();
    }
    else{
    die(
    'finaly');

    and then change the if part to this :
    PHP Code:
       if  (!$result mysql_query($q)) {

    echo 
    "lets try it agian";
    echo 
    mysql_error();

    and then put an echo here :
    PHP Code:
               
    /* Validate that password is correct */ 
       
    if($password == $dbwpout){ 
    echo 
    "happy to hear";
          return 
    0//Success! Username and password confirmed 

       
    }


       else{ 
     echo 
    "oh no ";
          return 
    2//Indicates password failure 

       

    Last edited by Pc Monk; Mar 31st, 2015 at 06:48 PM.
    Body Language tells the truth! even from the grave tsaeb eht morf gninnur ,nwod deaH
    All the big things started from little! teef my tsap evom sekans ,duol raor slluB
    Lietome.ir

  18. #18

    Thread Starter
    Hyperactive Member
    Join Date
    Sep 2006
    Posts
    352

    Re: Fatal error: Function name must be a string in

    Both of them return a Blank screen.

  19. #19
    WiggleWiggle dclamp's Avatar
    Join Date
    Aug 2006
    Posts
    3,529

    Re: Fatal error: Function name must be a string in

    I was not quite able to keep up with all the posts. But you missed an underscore in a function name. You put "mysql_numrows". It should be "mysql_num_rows". Not sure if this will fix your original issue.

    You should also be using MySQLi or PDO since mysql_ functions are no longer supported or even recommended

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width