0

I have this simple session class

class Session
{
    public static function init() {
       @session_start();
    }

    public static function set($key, $value) {
        $_SESSION[$key] = $value;
    }

    public static function get($key) {
        if (isset($_SESSION[$key]))
            return $_SESSION[$key];
    }

    public static function destroy() {
        unset($_SESSION);
        session_destroy();
    }
}

In my other class I have

public function verifyFormToken($form)
{
    // check if a session is started and a token is transmitted, if not return an error
    if(!isset(Session::get($form.'_token'))){ 
        return false;
    }

    // check if the form is sent with token in it
    if(!isset($data['token'])) {
        return false;
    }

    // compare the tokens against each other if they are still the same
    if (Session::get($form.'_token') !== $data['token']) {
        return false;
    }

    return true;
}

I can set a session no problem but when I come to get it using verifyFormToken(), i get this error message

Can't use function return value in write context

which points to this line

if(!isset(Session::get($form.'_token'))){
AdRock
  • 2,959
  • 10
  • 66
  • 106
  • 1
    Isset is not a regular function. It is language construct. So it takes variables only: http://stackoverflow.com/questions/1532693/weird-php-error-cant-use-function-return-value-in-write-context?rq=1 – Phantom Jul 17 '14 at 12:25
  • @Phantom I was going to write this as an answer... I agree with you, that is the problem. – Athafoud Jul 17 '14 at 12:28
  • @Phantom correct, but also calling isset on a method doesn't make any sense anyway!! logically your saying is this method set.. although I know thats not what it will try to do.. lol. – RaggaMuffin-420 Jul 17 '14 at 12:30

1 Answers1

2

you will have to define a variable as pass that to isset:

$token = Session::get($form.'_token');
if ($token !== NULL) { ... }

or as you are using isset in your get method just do:

if (Session::get($form.'_token') !== NULL) { ... }

EDIT**

In this instance this would be fine, as session token will never be null, but as a session controller, a value may be set as NULL on purpose, or may not be set, so your get method needs to return a unique value to determine whether its set or not. i.e.

define('MY_SESSION_NOT_SET',md5('value_not_set'));

class Session
{
    public static function init() {
       @session_start();
    }

    public static function set($key, $value) {
        $_SESSION[$key] = $value;
    }

    public static function get($key) {
        if (isset($_SESSION[$key]))
            return $_SESSION[$key];
        else
            return MY_SESSION_NOT_SET;
    }

    public static function destroy() {
        unset($_SESSION);
        session_destroy();
    }
}

if (Session::get($form.'_token') === MY_SESSION_NOT_SET) { ... }

something like that would be more beneficial.

RaggaMuffin-420
  • 1,762
  • 1
  • 10
  • 14
  • 2
    They did't change it in newer version. But they made the error more user friendly `Fatal error: Cannot use isset() on the result of a function call (you can use "null !== func()" instead)` – Athafoud Jul 17 '14 at 12:31
  • yes sorry, I was more thinking about other constructs like empty() as I think that works in later versions. didn't really think it through. – RaggaMuffin-420 Jul 17 '14 at 12:32
  • Thanks @RaggaMugffin-420....that fixed my problem. Had this for ages but only just decided to do something about it – AdRock Jul 17 '14 at 12:44