3

I'm working on a forum software currently.

I have a class called User, within that class I have a method called GetUserGroup to determine what group the user is in.

I am running the query and assoc the same way I've been doing with all my other queries, I'm not sure what I'm doing wrong, I've looked over the query for syntax errors but just don't see any.

Catchable fatal error: Object of class User could not be converted to string in C:\xampp\htdocs\forums\index.php on line 22

Here's the whole page:

<?php 
include_once('connect.php');
session_start();

if (isset($_SESSION['username'])) {
    $username = $_SESSION['username'];

}

class User {

    public $usergroup;
    public $user;

    function __construct() {
        if (isset($_SESSION['username'])) {
            $this->user = $_SESSION['username'];
        }
    }

    public function GetUserGroup() {
        $find_group = "SELECT group FROM users WHERE username='$this->user'";
        $run_find_group = mysql_query($find_group);
        $find_group_assoc = mysql_fetch_assoc($run_find_group);
        $this->usergroup = $find_group_assoc['group'];
    }
}

class Forum {

    function __construct() {

    }

    public function DisplayForums() {

        $find = "SELECT id,name,description FROM forums";
        $run_find = mysql_query($find);

        while ($is = mysql_fetch_assoc($run_find)) {
            $forum_id = $is['id'];
            $forum_name = $is['name'];
            $forum_description = $is['description'];

            echo "<div  style='background:#FF6699;width:1000px;'>";
            echo "Forum: <a href='topics.php?t=$forum_id'>".$forum_name."</a><br/>".$forum_description."<br/><hr>";
            echo "</div>";
        }
    }
}

$forum = new Forum();
if (isset($_SESSION['username'])) {
    $_SESSION['username'] = new User();
    $_SESSION['username']->GetUserGroup();
}
?>
<html>
<head>
    <title>Home</title>
</head>
<body>
<?php 
if (isset($_SESSION['username'])) {
    echo "Welcome, " . $username . "!";
    if ($_SESSION['username']->usergroup=='admin') {
        echo "<span align='right'><a href='/admin/index.php'>Admin CP</a></span>";
    }
    $forum->DisplayForums(); 
} else {
    $forum->DisplayForums(); 
    echo "
    <form action='login.php' method='post'>
    <table>
        <tr>
            <td>Username: </td>
            <td><input type='text' name='username' /></td>
        </tr>
        <tr>
            <td>Password: </td>
            <td><input type='text' name='password' /></td>
        </tr>
        <tr>
            <td><input type='submit' name='login_submit' value='Login' /></td>
        </tr>
    </table>
    </form>";
}
?>
</body>
</html>
6
  • 1
    What seems to be the problem here, officer? Commented Dec 30, 2011 at 17:56
  • The error is not in the snippet you provided. I suspect the full error output will tell you the line number where the problem occurs. Please post the full error message and source code. Commented Dec 30, 2011 at 17:57
  • 1
    I'm getting the error "Object of class User could not be converted to string". At the line $find_group = "SELECT group FROM users WHERE username='$this->user'"; Also I'm aware it's vulnerable, I just started this and just haven't gotten around to adding protection yet. Commented Dec 30, 2011 at 17:57
  • 1
    apparently $this->user is an object. var_dump it to verify. as an alternative, use a debugger to step through your code execution to find out where it goes wrong. if you want $this->user to be an object, add a __toString method to tell it how to behave in a string context. Commented Dec 30, 2011 at 18:03
  • 1
    @Darren Software security isn't a 'phase' of development. Commented Dec 30, 2011 at 19:10

3 Answers

6

Your problem is here:

$_SESSION['username'] = new User();

You're assigning a User object to $_SESSION['username']. So, when $_SESSION['username']->GetUserGroup() is called, $this->user is a User object.

You need to either set $_SESSION['username'] to the username, and not an object, or make a method to get the username from the object. You should add a getUsername method or something to User.

public function GetUserGroup() {
    $user = $this->user->getUsername();
    $find_group = "SELECT group FROM users WHERE username='$user'";
    $run_find_group = mysql_query($find_group);
    $find_group_assoc = mysql_fetch_assoc($run_find_group);
    $this->usergroup = $find_group_assoc['group'];
}

You can also use PHP's __toString method.

function __toString(){
  return $this->getUsername();
}

If you use __toString, then:

$find_group = "SELECT group FROM users WHERE username='$this->user'";

will work.


5 Comments

So I should change $_SESSION['username'] = new User(); to $username = new User();, after having a $username set to the $_SESSION?
@Darren: The problem is $_SESSION['username'] is a User object, not a string. So, when you do $this->user = $_SESSION['username']; You're setting $this->user to an object, not a string. You can do $_SESSION['username'] = new User();, just make sure you know that it's not a string. You need to do something like $this->user = $_SESSION['username']->getUsername(), or use the __toString() method.
How would I fix that? Like how would I convert the $this->user to a string?
I'm confused on what I should put in the getUsername() method. Could you guide me in the right direction?
@Darren: In getUsername you should put a way to get a user's username. You have a User object, how do you know what user it is?
1

Security problems and lack of cohesion aside: You are assigning a new User() to $_SESSION['username'] in your sample, so that is what $this->user is.

It seems that you are using $_SESSION['username'] for both the username string and the User object. Either store just one of them, or store them separately (e.g. as $_SESSION['username'] and $_SESSION['user']).
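The separation suggested above, as an added example that is not part of the original thread: the session keeps only the username string, a User object is built from it on each request, and the group lookup binds the username as a parameter instead of interpolating it into the SQL. Assumptions: PDO with an in-memory SQLite database, a constructed users table and rows, and a `$session` array standing in for `$_SESSION`.

```php
<?php
// Added example. Constructed schema and rows; in-memory SQLite so it runs offline.
// On MySQL only the DSN changes; `group` is a reserved word there and must be
// quoted (backticks), here it is quoted with double quotes for SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, "group" TEXT NOT NULL)');
$pdo->exec("INSERT INTO users VALUES ('darren', 'admin'), ('o''brien', 'member')");

class User {
    private $pdo;
    private $username;
    private $usergroup;

    public function __construct(PDO $pdo, $username) {
        // Reject anything that is not a plain string, e.g. an object left in the session.
        if (!is_string($username) || $username === '') {
            throw new InvalidArgumentException('username must be a non-empty string');
        }
        $this->pdo = $pdo;
        $this->username = $username;
    }

    public function getUsername() {
        return $this->username;
    }

    public function getUserGroup() {
        if ($this->usergroup === null) {
            // The username travels as a bound parameter, never as part of the SQL text.
            $stmt = $this->pdo->prepare('SELECT "group" FROM users WHERE username = ?');
            $stmt->execute(array($this->username));
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $this->usergroup = $row ? $row['group'] : null;
        }
        return $this->usergroup;
    }
}

// Stand-in for $_SESSION (assumption): only the username string is stored.
// The apostrophe would break the interpolated query; bound, it is just data.
$session = array('username' => "o'brien");
$user = new User($pdo, $session['username']);

echo 'Welcome, ' . htmlspecialchars($user->getUsername(), ENT_QUOTES, 'UTF-8') . "!\n";
echo 'Group: ' . var_export($user->getUserGroup(), true) . "\n";
echo 'Admin link shown: ' . var_export($user->getUserGroup() === 'admin', true) . "\n";
```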


1

Change this line:

$find_group = "SELECT group FROM users WHERE username='{$this->user}'";

