cbo0485 Posted October 9, 2015 Share Posted October 9, 2015 Hey, not exactly new to php, but not a seasoned veteran either. I have a page I manage, and I'm trying to get a nice error.php page to work which will print out a nice looking error based on the error code I am using. I have a page on my site that I want to hide from non-admin users. Currently I do this by using a function(isUserAdmin) which runs in the header, which does a check against a DB. It grabs the user's id from the cookie, and then connects to mysql to see if the user is an admin. It then sets a php variable adminString to either True or false. This works and when I'm logged in I can see using FireFox Web Console, that as an admin user I get a 200, and as a non-admin user I get a 401 in the browser. if($adminString == "False"){ http_response_code(401); } However, the page still displays. In my apache httpd.conf, I have: #Define pages to load for certain http errors ErrorDocument 400 /error.php ErrorDocument 401 /error.php ErrorDocument 403 /error.php ErrorDocument 404 /error.php ErrorDocument 500 /error.php That error.php page exists and seemingly works, b/c when I go to my site http://site.com/foo (which does not exist), I get my nice 404 page back in the browser. How can I get php to trigger trigger the ErrorDocument through the web-server when I set the status code? Quote Link to comment Share on other sites More sharing options...
scootstah Posted October 9, 2015 Share Posted October 9, 2015 It's not a 401 to Apache. You're just outputting a 401 to the browser. You'll need to include your error.php from your PHP script as well. Quote Link to comment Share on other sites More sharing options...
Solution benanamen Posted October 9, 2015 Solution Share Posted October 9, 2015 (edited) Try this: if($adminString == "False"){ die(header("Location: /path_to_file/error.php")); } Another thing you could do is just redirect them back to your main page and not even show an error to the user. Edited October 9, 2015 by benanamen Quote Link to comment Share on other sites More sharing options...
cbo0485 Posted October 9, 2015 Author Share Posted October 9, 2015 Worked for me. Not exactly how I was wanting it done, but it works and provides the same results, so works for me. Quote Link to comment Share on other sites More sharing options...
Jacques1 Posted October 9, 2015 Share Posted October 9, 2015 Silently redirecting to an error page is a bad idea, because that's simply not how the HTTP protocol works. The status of the response is determined by the response code. If you do a redirect, that means: “Everything is fine, but the content is now at ...”. That's obviously nonsense in your case, because what you actually want to say is that the user isn't authorized to view the page (which is an error). Sure, a human with good eyes will look at the page and figure out that your “Everything is fine” really means “You've made a mistake”, but not every webclient is a human, and not all processing is done by humans not every human has good eyes So don't rely on clients to figure out the status from purely visual information. Always set the appropriate error code. Unfortunately, Apache seems to have trouble showing the right error page when the response code is generated by PHP. As a workaround, I'd display the error page and at the same time use http_response_code(401): <?php http_response_code(401); readfile('/path/to/custom/401/page'); (You can also define a function which automates those two steps.) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.