petermholmes Posted January 26, 2010 Share Posted January 26, 2010 I'm a newbie to PHP and can't figure out what's wrong with the following: File tryme.php contents: <?php require("session/session_check.php"); ?> <form method="post" action="./php/trymecall.php"> Email: <input name="email" type="text" /><br /> Message:<br /> <textarea name="message" rows="15" cols="40"> </textarea><br /> <input type="submit" /> </form> File session_check.php contents: <?php /* session_check - attempt to keep our sessions secure */ if (!isset(session_id())) { /* setup a new session */ session_start(); $_SESSION['uniqid'] = uniqid('', true); $_SESSION['key'] = hash('sha256', $_SESSION['uniqid'] . session_id()); } else if ($_SESSION['key'] != hash('sha256', $_SESSION['uniqid'] . session_id())) { /* huh? */ echo "Don't mess with me suckah!"; } else { /* pick up where we left off */ session_start(); } ?> When I try to load tryme.php, I get "Fatal error: Can't use function return value in write context in /var/www/session/session_check.php on line 4" Write context??? What am I doing wrong? Link to comment https://forums.phpfreaks.com/topic/189815-apparently-braindead-newbie/ Share on other sites More sharing options...
teamatomic Posted January 26, 2010 Share Posted January 26, 2010 Move the session_start() under the php start tag. and just what the error says if (!isset(session_id())) sessionid() is taken as a function, it is but its session_id() and cant be used in that context. try: <?php session_start(); $session_id = session_id(); if (!isset($session_id)) {whatever} HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/189815-apparently-braindead-newbie/#findComment-1001670 Share on other sites More sharing options...
petermholmes Posted January 26, 2010 Author Share Posted January 26, 2010 <?php session_start(); $session_id = session_id(); if (!isset($session_id)) {whatever} I don't think that that would accomplish what I was trying to do which was to use isset(session_id()) to determine if a session was already running. The idea was: 1. If no session's running, start one. 2. If a session already exists but the session key is wrong, somebody's probably trying to break in. 3. If a session exists and the key is good, just pick up the current session variables. Is there another way to accomplish that? Link to comment https://forums.phpfreaks.com/topic/189815-apparently-braindead-newbie/#findComment-1001675 Share on other sites More sharing options...
petermholmes Posted January 26, 2010 Author Share Posted January 26, 2010 Now that I look at it, my code wouldn't work anyway as the "else if" is looking for data that hasn't been loaded using session_start(). Link to comment https://forums.phpfreaks.com/topic/189815-apparently-braindead-newbie/#findComment-1001677 Share on other sites More sharing options...
teamatomic Posted January 26, 2010 Share Posted January 26, 2010 <?php session_start(); if (!$_SESSION['uniqid']) {echo "No session unique";} else {echo "We have set unique";} ?> This should kick-start you HTH Teamatomic Link to comment https://forums.phpfreaks.com/topic/189815-apparently-braindead-newbie/#findComment-1001678 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.