Dunoon Posted September 21, 2009 Share Posted September 21, 2009 Hi All.. I am just learning PHP and have ran into a problem. I am looking at some code for a friend that works with the county special olympics. A student did there website...Somethings have stopped work and he will not answer his email. The interface is setup as an Admin Center. When you login and click on the Admin center link this error pops up: Fatal error: Call to a member function on a non-object in /homepages/0/d252328289/htdocs/admin/admin/admin.php on line 81 I have looked at the admin.php page and here is what is on line 81 if(!$session->isAdmin()){ header("Location: ../login.php"); } Could someone nicely explain this to me. I am still learning Php. Thanks for all your help. PS. Here is the whole code: <? /** * Admin.php * * This is the Admin Center page. Only administrators * are allowed to view this page. This page displays the * database table of users and banned users. Admins can * choose to delete specific users, delete inactive users, * ban users, update user levels, etc. * */ /** * displayUsers - Displays the users database table in * a nicely formatted html table. */ function displayUsers(){ global $database; $q = "SELECT username,userlevel,email,timestamp " ."FROM ".TBL_USERS." ORDER BY userlevel DESC,username"; $result = $database->query($q); /* Error occurred, return given name by default */ $num_rows = mysql_numrows($result); if(!$result || ($num_rows < 0)){ echo "Error displaying info"; return; } if($num_rows == 0){ echo "Database table empty"; return; } /* Display table contents */ echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n"; echo "<tr><td><b>Username</b></td><td><b>Level</b></td><td><b>Email</b></td><td><b>Last Active</b></td></tr>\n"; for($i=0; $i<$num_rows; $i++){ $uname = mysql_result($result,$i,"username"); $ulevel = mysql_result($result,$i,"userlevel"); $email = mysql_result($result,$i,"email"); $time = date("m/d/Y g:i A", mysql_result($result,$i,"timestamp")); echo "<tr><td>$uname</td><td>$ulevel</td><td>$email</td><td>$time</td></tr>\n"; } echo "</table><br>\n"; } /** * displayBannedUsers - Displays the banned users * database table in a nicely formatted html table. */ function displayBannedUsers(){ global $database; $q = "SELECT username,timestamp " ."FROM ".TBL_BANNED_USERS." ORDER BY username"; $result = $database->query($q); /* Error occurred, return given name by default */ $num_rows = mysql_numrows($result); if(!$result || ($num_rows < 0)){ echo "Error displaying info"; return; } if($num_rows == 0){ echo "Database table empty"; return; } /* Display table contents */ echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n"; echo "<tr><td><b>Username</b></td><td><b>Time Banned</b></td></tr>\n"; for($i=0; $i<$num_rows; $i++){ $uname = mysql_result($result,$i,"username"); $time = date("m/d/Y g:i A", mysql_result($result,$i,"timestamp")); echo "<tr><td>$uname</td><td>$time</td></tr>\n"; } echo "</table><br>\n"; } /** * User not an administrator, redirect to main page * automatically. */ if(!$session->isAdmin()){ header("Location: ../login.php"); } else{ /** * Administrator is viewing page, so display all * forms. */ ?> <h1>Admin Center</h1> <span style="color:#FF0000; font-size:16px;"> <b>::::::::::::::::::::::::::::::::::::::::::::</b></span> <span style="color:#FF0000; font-size:16px;">Logged in as <b><? echo $session->username; ?></b></span><br><br> Back to [<a href="../login.php">Main Page</a>]<br><br> <? if($form->num_errors > 0){ echo "<span style=\"color:#FF0000; font-size:16px;\">" ."!*** Error with request, please fix</span><br><br>"; } ?> <table align="left" border="0" cellspacing="5" cellpadding="5"> <tr><td> <? /** * Display Users Table */ ?> <h3>Users Table Contents:</h3> <? displayUsers(); ?> </td></tr> <tr> <td> <br> <? /** * Update User Level */ ?> <h3>Update User Level</h3> <? echo $form->error("upduser"); ?> <table> <form action="admin/adminprocess.php" method="POST"> <tr><td> Username:<br> <input type="text" name="upduser" maxlength="30" value="<? echo $form->value("upduser"); ?>"> </td> <td> Level:<br> <select name="updlevel"> <option value="1">1 <option value="9">9 </select> </td> <td> <br> <input type="hidden" name="subupdlevel" value="1"> <input type="submit" value="Update Level"> </td></tr> </form> </table> </td> </tr> <tr> <td><hr></td> </tr> <tr> <td> <? /** * Delete User */ ?> <h3>Delete User</h3> <? echo $form->error("deluser"); ?> <form action="admin/adminprocess.php" method="POST"> Username:<br> <input type="text" name="deluser" maxlength="30" value="<? echo $form->value("deluser"); ?>"> <input type="hidden" name="subdeluser" value="1"> <input type="submit" value="Delete User"> </form> </td> </tr> <tr> <td><hr></td> </tr> <tr> <td> <? /** * Delete Inactive Users */ ?> <h3>Delete Inactive Users</h3> This will delete all users (not administrators), who have not logged in to the site<br> within a certain time period. You specify the days spent inactive.<br><br> <table> <form action="admin/adminprocess.php" method="POST"> <tr><td> Days:<br> <select name="inactdays"> <option value="3">3 <option value="7">7 <option value="14">14 <option value="30">30 <option value="100">100 <option value="365">365 </select> </td> <td> <br> <input type="hidden" name="subdelinact" value="1"> <input type="submit" value="Delete All Inactive"> </td> </form> </table> </td> </tr> <tr> <td><hr></td> </tr> <tr> <td> <? /** * Ban User */ ?> <h3>Ban User</h3> <? echo $form->error("banuser"); ?> <form action="admin/adminprocess.php" method="POST"> Username:<br> <input type="text" name="banuser" maxlength="30" value="<? echo $form->value("banuser"); ?>"> <input type="hidden" name="subbanuser" value="1"> <input type="submit" value="Ban User"> </form> </td> </tr> <tr> <td><hr></td> </tr> <tr><td> <? /** * Display Banned Users Table */ ?> <h3>Banned Users Table Contents:</h3> <? displayBannedUsers(); ?> </td></tr> <tr> <td><hr></td> </tr> <tr> <td> <? /** * Delete Banned User */ ?> <h3>Delete Banned User</h3> <? echo $form->error("delbanuser"); ?> <form action="admin/adminprocess.php" method="POST"> Username:<br> <input type="text" name="delbanuser" maxlength="30" value="<? echo $form->value("delbanuser"); ?>"> <input type="hidden" name="subdelbanned" value="1"> <input type="submit" value="Delete Banned User"> </form> </td> </tr> </table> </body> </html> <? } ?> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 21, 2009 Share Posted September 21, 2009 First off please use code tags (#) by the looks of things the admin.php shouldn't be access directly as $form, $database and $session are not set, I'm going to take a guess but assume his forgot to include a common.php or functions.php or config.php file if you can find a function called isAdmin() function isAdmin( then you could probably work out the code from their Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 21, 2009 Author Share Posted September 21, 2009 Thanks for your help..I will look around for the function. Sorry about not using tags..:-( Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 Well I found the function in the sessions.php file: /** * isAdmin - Returns true if currently logged in user is * an administrator, false otherwise. */ function isAdmin(){ return ($this->userlevel == ADMIN_LEVEL || $this->username == ADMIN_NAME); } I found the Admin_Name located in the constants.php file. I changed it to my username with the correct Admin_level. Still trying to figure out the code and get it fixed. Still popping the same error. What else would you like me to post that may help figure out the problem. Still learn the rope of php.. Thanks again for the help Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 22, 2009 Share Posted September 22, 2009 okay, now does sessions.php have a lines that says. include "constants.php"; or require"constants.php"; it may also be include_once or require_once, also see if you can find a file that includes "sessions.php" (same idea as above) the reason i ask, is to try to get an idea of what type of setup is used, for example he may of created a file called config.php that includes the above and calls the classes, if you wish, you could upload the files here and i could have a quick look, (you require 10+ posts to upload last time i checked) but you could zip+ mail them if you like Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 Hi. I found a file called adminprocess.php that includes the sessions.php file.. Here it is: <? /** * AdminProcess.php * * The AdminProcess class is meant to simplify the task of processing * admin submitted forms from the admin center, these deal with * member system adjustments. * * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) * Last Updated: August 15, 2004 */ include("../include/session.php"); class AdminProcess { /* Class constructor */ function AdminProcess(){ global $session; /* Make sure administrator is accessing page */ if(!$session->isAdmin()){ header("Location: ../login.php"); return; } /* Admin submitted update user level form */ if(isset($_POST['subupdlevel'])){ $this->procUpdateLevel(); } /* Admin submitted delete user form */ else if(isset($_POST['subdeluser'])){ $this->procDeleteUser(); } /* Admin submitted delete inactive users form */ else if(isset($_POST['subdelinact'])){ $this->procDeleteInactive(); } /* Admin submitted ban user form */ else if(isset($_POST['subbanuser'])){ $this->procBanUser(); } /* Admin submitted delete banned user form */ else if(isset($_POST['subdelbanned'])){ $this->procDeleteBannedUser(); } /* Should not get here, redirect to home page */ else{ header("Location: ../login.php"); } } /** * procUpdateLevel - If the submitted username is correct, * their user level is updated according to the admin's * request. */ function procUpdateLevel(){ global $session, $database, $form; /* Username error checking */ $subuser = $this->checkUsername("upduser"); /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../index.php?mode=admin/admin"); } /* Update user level */ else{ $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']); header("Location: ../index.php?mode=admin/admin"); } } /** * procDeleteUser - If the submitted username is correct, * the user is deleted from the database. */ function procDeleteUser(){ global $session, $database, $form; /* Username error checking */ $subuser = $this->checkUsername("deluser"); /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../index.php?mode=admin/admin"); } /* Delete user from database */ else{ $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'"; $database->query($q); header("Location: ../index.php?mode=admin/admin"); } } /** * procDeleteInactive - All inactive users are deleted from * the database, not including administrators. Inactivity * is defined by the number of days specified that have * gone by that the user has not logged in. */ function procDeleteInactive(){ global $session, $database; $inact_time = $session->time - $_POST['inactdays']*24*60*60; $q = "DELETE FROM ".TBL_USERS." WHERE timestamp < $inact_time " ."AND userlevel != ".ADMIN_LEVEL; $database->query($q); header("Location: ../index.php?mode=admin/admin"); } /** * procBanUser - If the submitted username is correct, * the user is banned from the member system, which entails * removing the username from the users table and adding * it to the banned users table. */ function procBanUser(){ global $session, $database, $form; /* Username error checking */ $subuser = $this->checkUsername("banuser"); /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../index.php?mode=admin/admin"); } /* Ban user from member system */ else{ $q = "DELETE FROM ".TBL_USERS." WHERE username = '$subuser'"; $database->query($q); $q = "INSERT INTO ".TBL_BANNED_USERS." VALUES ('$subuser', $session->time)"; $database->query($q); header("Location: ../index.php?mode=admin/admin"); } } /** * procDeleteBannedUser - If the submitted username is correct, * the user is deleted from the banned users table, which * enables someone to register with that username again. */ function procDeleteBannedUser(){ global $session, $database, $form; /* Username error checking */ $subuser = $this->checkUsername("delbanuser", true); /* Errors exist, have user correct them */ if($form->num_errors > 0){ $_SESSION['value_array'] = $_POST; $_SESSION['error_array'] = $form->getErrorArray(); header("Location: ../index.php?mode=admin/admin"); } /* Delete user from database */ else{ $q = "DELETE FROM ".TBL_BANNED_USERS." WHERE username = '$subuser'"; $database->query($q); header("Location: ../index.php?mode=admin/admin"); } } /** * checkUsername - Helper function for the above processing, * it makes sure the submitted username is valid, if not, * it adds the appropritate error to the form. */ function checkUsername($uname, $ban=false){ global $database, $form; /* Username error checking */ $subuser = $_POST[$uname]; $field = $uname; //Use field name for username if(!$subuser || strlen($subuser = trim($subuser)) == 0){ $form->setError($field, "* Username not entered<br>"); } else{ /* Make sure username is in database */ $subuser = stripslashes($subuser); if(strlen($subuser) < 5 || strlen($subuser) > 30 || !eregi("^([0-9a-z])+$", $subuser) || (!$ban && !$database->usernameTaken($subuser))){ $form->setError($field, "* Username does not exist<br>"); } } return $subuser; } }; /* Initialize process */ $adminprocess = new AdminProcess; ?> Thanks for looking. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 22, 2009 Share Posted September 22, 2009 Ahh okay.. well this code function procUpdateLevel(){ global $session, $database, $form; shows that $session, $database, $form are being used So i am hoping session.php has all the parts we need okay, is adminprocess.php in the same folder as admin.php (assuming it is) update the top part admin.php from <? /** * Admin.php to <?php include("../include/session.php"); /** * Admin.php and try that Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 Awesome..that fixed that part.. When that page finally came up all looked ok until I hit the go back to main page link then I got this: Login Username: <input type="text" name="user" maxlength="30" value=" Fatal error: Call to a member function on a non-object in /homepages/0/d252328289/htdocs/admin/login.php on line 25 <? if($session->logged_in){ echo "<h1>Logged In</h1>"; echo "Welcome <b>$session->username</b>, you are logged in. <br><br>" ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>] " ."[<a href=\"useredit.php\">Edit Account</a>] "; if($session->isAdmin()){ echo "[<a href=\"admin/admin.php\">Admin Center</a>] "; } echo "[<a href=\"process.php\">Logout</a>]"; }else{ ?> <form action="process.php" method="POST"> <table width="75%" border="0" align="center" cellpadding="5" cellspacing="0"> <tr> <th colspan="3">Login</th> </tr> <? if($form->num_errors > 0){ ?> <tr> <td colspan="3"><?php echo "<span style=\"color:#FF0000; font-size:16px;\">".$form->num_errors." error(s) found</span>"; ?></td> </tr> <?php } ?> <tr> <td width="60px">Username:</td> <td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td> <td align="right"><? echo $form->error("user"); ?></td> </tr> <tr> <td width="60px">Password:</td> <td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td> <td align="right"><? echo $form->error("pass"); ?></td> </tr> <tr> <td> </td> <td> <?php if(isset($_SESSION["referrer"])){ ?> <input type="hidden" name="referrer" value="<?php echo($_SESSION["referrer"]); ?>"> <?php unset($_SESSION["referrer"]);} ?> <input type="hidden" name="sublogin" value="1"><input type="submit" value="Login"></td> <td align="right"><span style="color:#FF0000; font-size:16px;">[<a href="forgotpass.php">Forgot Password?</a>]</span></td> </tr> </table> </form> <?php } ?> Line 25 is: <td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td> It is probably right in frontof my face but I can't see it. Thanks for the great help and being patient with me. Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 22, 2009 Share Posted September 22, 2009 same problem really, but use include_once (just incase) <?php include_once("../include/session.php"); //added if($session->logged_in){ Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 Well, that took care of line 25 now once I made the change it says: Login Username: <input type="text" name="user" maxlength="30" value=" Fatal error: Call to a member function on a non-object in /homepages/0/d252328289/htdocs/admin/login.php on line 26 The code for line 26 is: <td align="right"><? echo $form->error("user"); ?></td> Boy, getting so close to getting this fixed Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 22, 2009 Share Posted September 22, 2009 when you login, does the url end with login.php ? it strange but it looks like sub-code.. in anycase okay searching for a function called it maybe misleading, so 1. you need to look for a file that contains code like this $form = new something the code probably include a file with the word form in the name, ie form.class.php check the included file first but your looking for a file that has code like this class something{ the something will be the same as from search 1 Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 When I login it is at an admin page. Not the login.php page..That was just the way the site was setup. Ok, I looked in the sessions.php file and at the bottom found: /** * Initialize session object - This must be initialized before * the form object because the form uses session variables, * which cannot be accessed unless the session has started. */ $session = new Session; /* Initialize form object */ $form = new Form; ?> Have not found the class yet. Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 ok I have found the form.php file that has the Call Form in it: Hope this helps. <? /** * Form.php * * The Form class is meant to simplify the task of keeping * track of errors in user submitted forms and the form * field values that were entered correctly. * * Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC) * Last Updated: August 19, 2004 */ class Form { var $values = array(); //Holds submitted form field values var $errors = array(); //Holds submitted form error messages var $num_errors; //The number of errors in submitted form /* Class constructor */ function Form(){ /** * Get form value and error arrays, used when there * is an error with a user-submitted form. */ if(isset($_SESSION['value_array']) && isset($_SESSION['error_array'])){ $this->values = $_SESSION['value_array']; $this->errors = $_SESSION['error_array']; $this->num_errors = count($this->errors); unset($_SESSION['value_array']); unset($_SESSION['error_array']); } else{ $this->num_errors = 0; } } /** * setValue - Records the value typed into the given * form field by the user. */ function setValue($field, $value){ $this->values[$field] = $value; } /** * setError - Records new form error given the form * field name and the error message attached to it. */ function setError($field, $errmsg){ $this->errors[$field] = $errmsg; $this->num_errors = count($this->errors); } /** * value - Returns the value attached to the given * field, if none exists, the empty string is returned. */ function value($field){ if(array_key_exists($field,$this->values)){ return htmlspecialchars(stripslashes($this->values[$field])); }else{ return ""; } } /** * error - Returns the error message attached to the * given field, if none exists, the empty string is returned. */ function error($field){ if(array_key_exists($field,$this->errors)){ return "<span style=\"color:#FF0000; font-size:16px;\">".$this->errors[$field]."</span>"; }else{ return ""; } } /* getErrorArray - Returns the array of error messages */ function getErrorArray(){ return $this->errors; } }; ?> Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 Well, after checking around a bit the statement below is wrong. I am still have the same error on this other page as before. When I put the include(../sessions.php) line in all it did was bump the code down and make the error on line #26. Sorry I did catch it earlier. "Well, that took care of line 25 now once I made the change it says: Login Username: <input type="text" name="user" maxlength="30" value=" Fatal error: Call to a member function on a non-object in /homepages/0/d252328289/htdocs/admin/login.php on line 26 " I am still getting this error Username: <input type="text" name="user" maxlength="30" value=" Fatal error: Call to a member function on a non-object in /homepages/0/d252328289/htdocs/admin/login.php on line 25 with that line being: <td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td> Quote Link to comment Share on other sites More sharing options...
MadTechie Posted September 22, 2009 Share Posted September 22, 2009 try changing include(../sessions.php) to include("include/session.php"); could you give me an idea of the file names and folder, so i know what's where (only the PHP ones) Quote Link to comment Share on other sites More sharing options...
Dunoon Posted September 22, 2009 Author Share Posted September 22, 2009 MadTechie Thank you for all your help.. All the errors are gone. I just emailed them and ask them to check it out and see if everything is functioning like it was before. I will keep you posted. Thanks for everything. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.