Error headers with php.

Tarzan · Aug 6, 2008

Hi!

I actually have two questions regarding setting headers with the php headers()-function.

The first is regarding what error response to send if a user tries to access a password protected page without logging in. It seems logical to send a 401 - Unauthorized, but the protocol states that

10.4.2 401 Unauthorized
The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource.

(http://www.faqs.org/rfcs/rfc2616)
But since I don't want a user/pass-popup it doesn't seem like a good alternative. Is 403 - Forbidden better to use in that case? Or maybe some kind of 3xx-redirect to the main page?

The second question is about error pages. If I type a unknown URI a "HTTP/1.1 404 Not Found" response is given and x10hosting will use your custom error page (or it's own). But if you generate your own error with header("HTTP/1.1 404 Not Found") in an existing page the page still executes. Is it possible to send headers with php so that the server sends the client to your customized error pages? Or do you simply have to include them in the file that generates the error?

TechAsh · Aug 6, 2008

Is 403 - Forbidden better to use in that case?

I would use a 403 Error yes.

The second question is about error pages. If I type a unknown URI a "HTTP/1.1 404 Not Found" response is given and x10hosting will use your custom error page (or it's own). But if you generate your own error with header("HTTP/1.1 404 Not Found") in an existing page the page still executes. Is it possible to send headers with php so that the server sends the client to your customized error pages? Or do you simply have to include them in the file that generates the error?

You could use the "Location:" header to redirect the visitor to your 404 error page:

Code:

header("Location: http://example.com/404.shtml"

Tarzan · Aug 6, 2008

TechAsh said:
You could use the "Location:" header to redirect the visitor to your 404 error page:

Code:

header("Location: http://example.com/404.shtml"

It's a good alternative, the only problem is that the address bar in the browser changes to http://example.com/404.shtml. It looks a little "unprofessional". Is it possible to do without a visible redirect?
(Or in my case a 403, because it is the requested page that is forbidden, not the 403.shtml)

phpasks · Aug 6, 2008

Why you can check in page using header?

You can use .htaccess file

This coding putting in your .htaccess file automatically page redirect
ErrorDocument 404 404.shtml
order deny,allow

Also used other error page here.
http://www.phpasks.com/htaccess/index.html#a_errorPage

marshian · Aug 6, 2008

^ above post isn't really correct...

You can't use php for errorpages properly, because that's part of the server config. But apache has given us .htaccess files which can change every errordocument for each directory.
(If you put a htaccess in a certain directory, this affects this directory and each of its subdirectories.)

The syntax is: ErrorDocument {errorcode} {document}
An example is: ErrorDocument 404 404.shtml
(The order deny, allow isn't part of errordocuments)

What happens if you send the 404 header along with a page is:
the browser gets the headers, one being the status code (404) and then receives the contents. The browser might stop when he receives the 404 and show the error, but most browsers show the transmitted file (they assume this is your errordocument)

Tarzan · Aug 6, 2008

marshian said:
^ above post isn't really correct...
The syntax is: ErrorDocument {errorcode} {document}
An example is: ErrorDocument 404 404.shtml
(The order deny, allow isn't part of errordocuments)

What happens if you send the 404 header along with a page is:
the browser gets the headers, one being the status code (404) and then receives the contents. The browser might stop when he receives the 404 and show the error, but most browsers show the transmitted file (they assume this is your errordocument)

Thanks! That's the way I've been using it.
So the bottom line is, if you send a 404/403/whatever-error in a php-header, the server won't check for an alternative error page (whether in a .htaccess file, or a default error page)?
From what I can tell, the only possible ways are:
- Do a manual redirect using the Location:-header.
- Include the error page or a similar message in the page checking for authentication

Error headers with php.

Tarzan

New Member

TechAsh

Retired

Tarzan

New Member

phpasks

New Member

marshian

New Member

Tarzan

New Member

Free Web Hosting

Our Community

Legal