SitePoint Sponsor

User Tag List

Results 1 to 19 of 19
  1. #1
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    PHP equiv to a 404 error.

    Say if I have an if{}else statement like this:

    PHP Code:
    if ( isset($content) ) {
        include(
    "$content.htm");
    } elseif ( !isset(
    $content) ) {
        include(
    "home.htm");

    I have what page to load if the variable $content is set, and what page to load if the variable $content is not set. Now, say I have a link that loads a page, but there is no such page to load. When that happens I would like to load a page saying "This page cannot be found" or something like that. How would I do that? Thanks!

  2. #2

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    In your case, if you reference a file which doesnt exist, there will not be a 404 code sent to the client, but the client will get a PHP error from the include() call telling him that the specified file couldnt be located. If you want to send a 404 code you need to use header() as in
    PHP Code:
    header("HTTP/1.0 404 Not Found"); 
    By the way, you definitely need to ensure $content cannot be set from outside because this would open a huge potential security leak, since malicious people could then specifiy whichever file they want.

  3. #3
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by drzoid
    In your case, if you reference a file which doesnt exist, there will not be a 404 code sent to the client, but the client will get a PHP error from the include() call telling him that the specified file couldnt be located. If you want to send a 404 code you need to use header() as in
    PHP Code:
    header("HTTP/1.0 404 Not Found"); 
    By the way, you definitely need to ensure $content cannot be set from outside because this would open a huge potential security leak, since malicious people could then specifiy whichever file they want.
    How exactly would I do both of those things?

  4. #4
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Regarding the first question, here's an example of what you need:

    Code:
    if ( isset($content) ) { 
        include("$content.htm"); 
    } else { 
        header("HTTP/1.0 404 Not Found"); 
        header("location: http://www.example.com/404.php");
    }
    http://www.example.com/404.php would be the location of your custom 404 page, which gives them a "page not found" error message.

    As for making sure that $content is something you're expecting, just have some code that tests the value of that variable. For example:

    Code:
    if ($content = "this") {
    //do one thing
    }
    else {
    if ($content = "that") {
    //do another thing
    }
    else ...
    Hopefully, you get the idea.
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  5. #5
    SitePoint Wizard
    Join Date
    Mar 2004
    Posts
    1,647
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    wrong...
    PHP Code:
    if ($content "this") {
    //do one thing
    }
    else {
    if (
    $content "that") {
    //do another thing
    }
    else ... 
    right
    PHP Code:
    if ($content "this") {
    //do one thing
    }
    else if (
    $content "that") {
    //do another thing
    }
    else ... 
    small error but significative
    cheers

  6. #6
    SitePoint Guru
    Join Date
    Nov 2004
    Location
    Parry Sound, ON
    Posts
    725
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I think I'd do this:
    PHP Code:
    if ( isset($content) && file_exists("$content.htm")) { 
        include(
    "$content.htm"); 
    } else { 
        
    header("HTTP/1.0 404 Not Found"); 
        
    header("location: http://www.example.com/404.php");

    That should fix both worries.

  7. #7
    $this->toCD-R(LP); vinyl-junkie's Avatar
    Join Date
    Dec 2003
    Location
    Federal Way, Washington (USA)
    Posts
    1,524
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    reminder: We were both wrong! Your code:

    Code:
    if ($content = "this") { 
    //do one thing 
    } 
    else if ($content = "that") { 
    //do another thing 
    } 
    else ...
    Corrected code:

    Code:
    if ($content == "this") { 
    //do one thing 
    } 
    else if ($content == "that") { 
    //do another thing 
    } 
    else ...
    HardCoded: Wonder why I didn't do that in the first place, especially since I already have some web pages that do it just like that. Doh!
    Music Around The World - Collecting tips, trade
    and want lists, album reviews, & more
    Showcase your music collection on the Web

  8. #8
    SitePoint Wizard swdev's Avatar
    Join Date
    Oct 2004
    Location
    UK
    Posts
    1,053
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    or better, imho

    PHP Code:
      
      
    switch ($content)
      {
        case 
    'this':
           
    // do this stuff
           
    break;
        case 
    'that':
           
    // do that stuff
           
    break;
        default:
           
    // don;t recognise $content - do error stuff
           
    break;
      } 

  9. #9

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by vinyl-junkie
    Regarding the first question, here's an example of what you need:

    Code:
    if ( isset($content) ) { 
        include("$content.htm"); 
    } else { 
        header("HTTP/1.0 404 Not Found"); 
        header("location: http://www.example.com/404.php");
    }
    http://www.example.com/404.php would be the location of your custom 404 page, which gives them a "page not found" error message.
    That wont work, because the "Location" header will change the status code to 302. Why do you need a redirect if you are saying "not found" at all?

    PHP Code:
    header("HTTP/1.0 404 Not Found"); 
    is enough and perhaps with some content following to be displayed in the browser.

  10. #10
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks you guys! I appreciate the help

  11. #11
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Oh, and another question. What is wrong with my code (it isn't working)?

    PHP Code:
    if ( isset($content) && file_exists($content.htm) ) {
        include(
    "$content.htm");
    } elseif ( !isset(
    $content) ) {
        include(
    "home.htm");
    } elseif ( !
    file_exists($content.htm) ) {
        include(
    "404.htm");


  12. #12
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, I still don't know why my other code works, but this code works like a charm:

    PHP Code:
    if ( !isset($content) ) {
        include(
    "home.htm");
    }

    if ( isset(
    $content) && file_exists("$content.htm")) {
        include(
    "$content.htm");
    } elseif ( isset(
    $content) && !file_exists($content.htm) ) {
        include(
    "404.htm");

    It includes my home page if no page is specified, and if a page is specified but does not exist, it includes my custom 404 page. Good?

  13. #13

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If you already have a default page for unknown requests, simply always use it.
    PHP Code:
    $content=$content.'htm';

    if (
    file_exists($content)==false$content='home.htm';

    include(
    $content); 
    Although still pay attention to the last part of http://www.sitepoint.com/forums/show...41&postcount=2

  14. #14
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by drzoid
    If you already have a default page for unknown requests, simply always use it.
    PHP Code:
    $content=$content.'htm';

    if (
    file_exists($content)==false$content='home.htm';

    include(
    $content); 
    Although still pay attention to the last part of http://www.sitepoint.com/forums/show...41&postcount=2
    That doesn't take care of the occurance of not having anything set for $content. That would put a big blank spot when anyone would simply type in www.example.com. That is a nice peice of code though. It eleminites some typing

    Oh, and what exactly could "malicious" people do with ?content=? I have it to where if they put in something like ?content=bob, and bob.htm does not exist, it will return a 404 error. Is that what you are talking about?

  15. #15

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by c1vineoflife
    That doesn't take care of the occurance of not having anything set for $content.
    It does
    PHP Code:
    if (file_exists($content)==false$content='home.htm'

  16. #16
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by drzoid
    It does
    PHP Code:
    if (file_exists($content)==false$content='home.htm'
    Oh I didn't see the logic in it, but it makes sense now Thanks!

  17. #17

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by c1vineoflife
    Oh, and what exactly could "malicious" people do with ?content=? I have it to where if they put in something like ?content=bob, and bob.htm does not exist, it will return a 404 error. Is that what you are talking about?
    By appending ".htm" the situation isnt that worse, but yet people could still access ANY .htm file on your server which is accessible by your webserver's process.
    URL?content=/var/SOME-PATH/SECRET-FILE

  18. #18
    Non-Member c1vineoflife's Avatar
    Join Date
    Sep 2004
    Location
    CA
    Posts
    460
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by drzoid
    By appending ".htm" the situation isnt that worse, but yet people could still access ANY .htm file on your server which is accessible by your webserver's process.
    True, but then again, I don't have too many valuable documents on my server, and more professional code could counter that...and they would have to know the exact document and location in my server.

  19. #19

    Join Date
    Oct 2003
    Location
    €uroLand
    Posts
    1,340
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should nevertheless make your code as secure as possible

    In this case its not too hard, just check whether the requested file is within your document root. realpath() might come in handy there.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •