sford999 Posted March 3, 2015 Share Posted March 3, 2015 This has been bugging me for about an hour now, appreciate it if someone can see what I'm missing. Logs in successfully, redirects to index.php then the following error appears and kills the page. PHP Fatal error: Call to a member function requireAccessLevel() on a non-object in H:\server\htdocs\ys\admin\_local_auth.inc.php on line 16 _local_auth.inc.php require_once('../inc/master.inc.php'); // admin functions require_once(ADMIN_ROOT . '/_admin_functions.inc.php'); if(!defined('ADMIN_IGNORE_LOGIN')) { if(defined('MIN_ACCESS_LEVEL')) { $Auth->requireAccessLevel(MIN_ACCESS_LEVEL, ADMIN_WEB_ROOT . "/login.php"); } else { $Auth->requireAdmin(); } $userObj = $Auth->getAuth(); } master.inc.php // Determine our absolute document root define('DOC_ROOT', realpath(dirname(__FILE__) . '/../')); define('CORE_ROOT', DOC_ROOT); // set timezone if (!ini_get('date.timezone')) { date_default_timezone_set('GMT'); } require_once(CORE_ROOT . '/inc/objects.class.php'); // autoloader function __autoload($className) { if (file_exists(CORE_ROOT . '/inc/' . lcfirst($className) . '.class.php')) { require_once(CORE_ROOT . '/inc/' . lcfirst($className) . '.class.php'); } } // add missing function if (!function_exists('array_replace_recursive')) { function array_replace_recursive($array, $array1) { $rs = array(); foreach ($array AS $k => $arrayItem) { $rs[$k] = $arrayItem; if (isset($array1[$k])) { $rs[$k] = $array1[$k]; } } return $rs; } } // load our config settings $config = Config::getConfig(); Config::initConfigIntoMemory(); // setup database conn $db = Database::getDatabase(); // setup error handler log::initErrorHandler(); // store session info in the database? if ($config->useDBSessions === true) { DBSession::register(); } // initialize our session session_name($config->sessionName); // how long to keep sessions active before expiring session_set_cookie_params((int) SITE_CONFIG_SESSION_EXPIRY); // start session if (!isset($sessionStarted) || ($sessionStarted == false)) { session_start(); } Quote Link to comment https://forums.phpfreaks.com/topic/295052-call-to-a-member-function-requireaccesslevel-on-a-non-object/ Share on other sites More sharing options...
maxxd Posted March 3, 2015 Share Posted March 3, 2015 Unless it happens in _admin_functions.inc.php, $Auth is not instantiated; hence the error about it not being an object. Quote Link to comment https://forums.phpfreaks.com/topic/295052-call-to-a-member-function-requireaccesslevel-on-a-non-object/#findComment-1507386 Share on other sites More sharing options...
sford999 Posted March 3, 2015 Author Share Posted March 3, 2015 (edited) Its in html/_header.inc.phpThe login form <?php define('ADMIN_IGNORE_LOGIN', true); include_once('_local_auth.inc.php'); include_once('html/_loginHeader.inc.php'); ?> <div class="container"> <form class="form-signin" action="http://www.codingforums.com/index.php" enctype="multipart/form-data" method="post"> <h2 class="form-signin-heading">Please sign in</h2> <?php if ($_REQUEST['error']) { adminFunctions::setError("Incorrect login details, please try again."); } echo adminFunctions::compileErrorHtml(); ?> <div class="input-group margin-bottom-sm"><span class="input-group-addon"><i class="fa fa-user-plus fa-fw"></i></i></span> <input class="form-control" type="text" placeholder="Username" name="username" id="username" /> </div> <div class="input-group" style="margin-top:10px;"><span class="input-group-addon"><i class="fa fa-key fa-fw"></i></span> <input class="form-control" type="password" placeholder="Password" name="password" id="password" /> </div> <button class="btn btn-lg btn-primary btn-block" type="submit"><i class="fa fa-sign-in fa-fw"></i> Sign in</button> </form> </div> <?php include_once('html/_loginFooter.inc.php'); ?> Top of html/_header.inc.php <?php $Auth = Auth::getAuth(); Top of index.php <?php define('ADMIN_PAGE_TITLE', 'Dashboard'); define('MIN_ACCESS_LEVEL', 10); // allow moderators include_once('_local_auth.inc.php'); include_once('html/_header.inc.php'); auth.class.php <?php class Auth { // Singleton object. Leave $me alone. private static $me; public $id; public $username; public $level_id; public $user; // DBObject User object (if available) // Call with no arguments to attempt to restore a previous logged in session // which then falls back to a guest user (which can then be logged in using // $this->login($username, $rawPassword). Or pass a user_id to simply login that user. The // $seriously is just a safeguard to be certain you really do want to blindly // login a user. Set it to true. private function __construct($userToImpersonate = null) { $this->id = null; $this->username = null; $this->level_id = 0; $this->level = UserPeer::getLevelLabel($this->level_id); $this->user = null; if (class_exists('User') && (is_subclass_of('User', 'DBObject'))) { $this->user = new User(); } if (!is_null($userToImpersonate)) { return $this->impersonate($userToImpersonate); } if ($this->attemptSessionLogin()) { return; } } /** * Standard singleton * @return Auth */ public static function getAuth($userToImpersonate = null) { if (is_null(self::$me)) { self::$me = new Auth($userToImpersonate); } return self::$me; } // You'll typically call this function when a user logs in using // a form. Pass in their username and password. // Takes a username and a *plain text* password public function login($username, $rawPassword, $fromLoginForm = false) { $rs = $this->convertPassword($username, $rawPassword); if ($rs == false) { return false; } return $this->attemptLogin($username, $rawPassword, false, $fromLoginForm); } // manage convertions to sha256, this code is only for migration public function convertPassword($username, $rawPassword) { // get database $db = Database::getDatabase(); // check for existing user $user = $db->getRow('SELECT id, password FROM users WHERE username = ' . $db->quote($username)); if ($user === false) { return false; } // see if it matches the one entered if ($user['password'] == md5($rawPassword)) { // create new password $sha256Password = Password::createHash($rawPassword); // update user with new $db->query('UPDATE users SET password = :password WHERE id = :id', array('password' => $sha256Password, 'id' => $user['id'])); } return true; } public function logout() { $Config = Config::getConfig(); $this->id = null; $this->username = null; $this->level_id = 0; $this->level = 'guest'; $this->user = null; if (class_exists('User') && (is_subclass_of('User', 'DBObject'))) { $this->user = new User(); } $_SESSION['user'] = ''; unset($_SESSION['user']); session_destroy(); setcookie('spf', '.', time() - 3600, '/', $Config->authDomain); } // Is a user logged in? This was broken out into its own function // in case extra logic is ever required beyond a simple bool value. public function loggedIn() { return $this->level_id > 0; } // Helper function that redirects away from 'admin only' pages public function requireAdmin() { // check for login attempts if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) { $this->login($_REQUEST['username'], $_REQUEST['password']); } // ensure it's an admin user $this->requireAccessLevel(20, ADMIN_WEB_ROOT . "/login.php?error=1"); } // Helper function that redirects away from 'member only' pages public function requireUser($url) { $this->requireAccessLevel(1, $url); } /* * Function to handle access rights and minimum permission levels for access. * The higher the number the greater the permission requirement. See the * database table called 'user_level' for the permission level_ids. * * @param type $level */ public function requireAccessLevel($minRequiredLevel = 0, $redirectOnFailure = 'login.php') { // check for login attempts if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) { $this->login($_REQUEST['username'], $_REQUEST['password']); } // check account level if ($this->level_id >= $minRequiredLevel) { return true; } if (strlen($redirectOnFailure)) { coreFunctions::redirect($redirectOnFailure); } return false; } public function hasAccessLevel($minRequiredLevel = 0) { return $this->requireAccessLevel($minRequiredLevel, null); } // Login a user simply by passing in their username or id. Does // not check against a password. Useful for allowing an admin user // to temporarily login as a standard user for troubleshooting. // Takes an id or username public function impersonate($userToImpersonate) { $db = Database::getDatabase(); if (is_int($userToImpersonate)) { $row = $db->getRow('SELECT * FROM users WHERE id = ' . (int)$userToImpersonate.' LIMIT 1'); } else { $row = $db->getRow('SELECT * FROM users WHERE username = ' . $db->quote($userToImpersonate).' LIMIT 1'); } if (is_array($row)) { $this->id = $row['id']; $this->username = $row['username']; $this->email = $row['email']; $this->level_id = $row['level_id']; $this->level = UserPeer::getLevelLabel($this->level_id); // load any additional user info if DBObject and User are available $this->user = new User(); $this->user->id = $row['id']; $this->user->load($row); $this->storeSessionData(); return true; } return false; } // Attempt to login using data stored in the current session private function attemptSessionLogin() { if (isset($_SESSION['user'])) { $sessionAuth = unserialize($_SESSION['user']); if (is_object($sessionAuth)) { foreach ($sessionAuth AS $k => $v) { $this->$k = $v; } } return true; } return false; } // The function that actually verifies an attempted login and // processes it if successful. // Takes a username and a raw password public function attemptLogin($username, $rawPassword, $sessionLogin = false, $fromLoginForm = false) { $db = Database::getDatabase(); $Config = Config::getConfig(); // We SELECT * so we can load the full user record into the user DBObject later $row = $db->getRow('SELECT * FROM users WHERE username = ' . $db->quote($username)); if ($row === false) { // log failure Auth::logFailedLoginAttempt(coreFunctions::getUsersIPAddress(), $loginUsername); return false; } // validate password if ($sessionLogin == false) { if (Password::validatePassword($rawPassword, $row['password']) === false) { // log failure Auth::logFailedLoginAttempt(coreFunctions::getUsersIPAddress(), $loginUsername); return false; } } // check for mcrypt, required for login if(!function_exists('mcrypt_create_iv')) { return false; } // make sure account is active if ($row['status'] != "active") { return false; } else { // check user isn't banned from logging in $bannedIp = bannedIP::getBannedIPData(); if ($bannedIp) { if ($bannedIp['banType'] == 'Login') { return false; } } } // stop account sharing if($fromLoginForm == true) { Auth::clearSessionByUserId($row['id']); } $this->id = $row['id']; $this->username = $row['username']; $this->email = $row['email']; $this->level_id = $row['level_id']; $this->level = UserPeer::getLevelLabel($this->level_id); $this->paidExpiryDate = $row['paidExpiryDate']; $this->paymentTracker = $row['paymentTracker']; // load any additional user info if DBObject and User are available $this->user = new User(); $this->user->id = $row['id']; $this->user->load($row); // update lastlogindate $iPAddress = coreFunctions::getUsersIPAddress(); if ($sessionLogin == false) { $db->query('UPDATE users SET lastlogindate = NOW(), lastloginip = :ip WHERE id = :id', array('ip' => $iPAddress, 'id' => $this->id)); } // remove any failed logins for the IP address Auth::clearAllLoginAttemptsForIp($iPAddress); // log IP address for login if($fromLoginForm == true) { Auth::logSuccessfulLogin($this->id, $iPAddress); } // setup session $this->storeSessionData(); return true; } public function getAccountScreenName() { $label = $this->user->username; if (strlen($label) > 12) { $label = substr($label, 0, 12) . '...'; } return $label; } // stores current object in session private function storeSessionData() { //if (headers_sent()) //{ // die('Error: Headers already sent, can not set session data. This is likely due to a config file or plugin file which has been damaged on upload with extra spacing in it.'); // return false; //} $_SESSION['user'] = serialize($this); } private function createHashedPassword($rawPassword) { return MD5($rawPassword); } public static function logFailedLoginAttempt($ipAddress, $loginUsername = '') { // clear anything older than 24 hours self::clearOldLoginAttempts(); // get database $db = Database::getDatabase(); // add failed login attempt $dbInsert = new DBObject("login_failure", array("ip_address", "date_added", "username")); $dbInsert->ip_address = $ipAddress; $dbInsert->date_added = coreFunctions::sqlDateTime(); $dbInsert->username = $loginUsername; $dbInsert->insert(); // block IP address if greater than x failed logins if ((int) SITE_CONFIG_SECURITY_BLOCK_IP_LOGIN_ATTEMPTS > 0) { $failedAttempts = (int) $db->getValue('SELECT COUNT(id) AS total FROM login_failure WHERE ip_address = ' . $db->quote($ipAddress)); if ($failedAttempts >= SITE_CONFIG_SECURITY_BLOCK_IP_LOGIN_ATTEMPTS) { // add IP address to block list $dbInsert = new DBObject("banned_ips", array("ipAddress", "banType", "banNotes", "dateBanned", "banExpiry")); $dbInsert->ipAddress = $ipAddress; $dbInsert->banType = 'Login'; $dbInsert->banNotes = 'Banned after too many failed logins.'; $dbInsert->dateBanned = coreFunctions::sqlDateTime(); $dbInsert->banExpiry = date('Y-m-d H:i:s', strtotime('+24 hours')); $dbInsert->insert(); } } } public static function clearOldLoginAttempts() { // get database $db = Database::getDatabase(); // clear anything older than 24 hours $db->query('DELETE FROM login_failure WHERE date_added < DATE_SUB(NOW(), INTERVAL 24 HOUR)'); } public static function clearAllLoginAttemptsForIp($ipAddress) { // get database $db = Database::getDatabase(); // clear anything older than 24 hours $db->query('DELETE FROM login_failure WHERE ip_address = ' . $db->quote($ipAddress)); } public static function logSuccessfulLogin($userId, $ipAddress) { // clear anything older than 1 month self::clearOldSuccessfulLogins(); // get database $db = Database::getDatabase(); // try to find country code based on IP address $countryCode = Stats::getCountry($ipAddress); if (($countryCode == 'unknown') || ($countryCode == 'ZZ') || (!$countryCode)) { $countryCode = ''; } $countryCode = substr($countryCode, 0, 2); // add failed login attempt $dbInsert = new DBObject("login_success", array("ip_address", "date_added", "user_id", "country_code")); $dbInsert->ip_address = $ipAddress; $dbInsert->date_added = coreFunctions::sqlDateTime(); $dbInsert->user_id = $userId; $dbInsert->country_code = $countryCode; $dbInsert->insert(); } public static function clearOldSuccessfulLogins() { // get database $db = Database::getDatabase(); // clear anything older than 1 month $db->query('DELETE FROM login_success WHERE date_added < DATE_SUB(NOW(), INTERVAL 1 MONTH)'); } public static function clearSessionByUserId($userId) { // deletes any existing sessions for the same user id $db = Database::getDatabase(); $db->query('DELETE FROM sessions WHERE user_id = ' . (int) $userId); } } Edited March 3, 2015 by sford999 Quote Link to comment https://forums.phpfreaks.com/topic/295052-call-to-a-member-function-requireaccesslevel-on-a-non-object/#findComment-1507388 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.