PHP equiv to a 404 error.

[c1vineoflife]

Say if I have an if{}else statement like this:

PHP Code:

if ( isset($content) ) {
    include("$content.htm");
} elseif ( !isset($content) ) {
    include("home.htm");
} 


I have what page to load if the variable $content is set, and what page to load if the variable $content is not set. Now, say I have a link that loads a page, but there is no such page to load. When that happens I would like to load a page saying "This page cannot be found" or something like that. How would I do that? Thanks!

[drzoid]

In your case, if you reference a file which doesnt exist, there will not be a 404 code sent to the client, but the client will get a PHP error from the include() call telling him that the specified file couldnt be located. If you want to send a 404 code you need to use header() as in

PHP Code:

header("HTTP/1.0 404 Not Found"); 


By the way, you definitely need to ensure $content cannot be set from outside because this would open a huge potential security leak, since malicious people could then specifiy whichever file they want.

[c1vineoflife]

In your case, if you reference a file which doesnt exist, there will not be a 404 code sent to the client, but the client will get a PHP error from the include() call telling him that the specified file couldnt be located. If you want to send a 404 code you need to use header() as in

PHP Code:

header("HTTP/1.0 404 Not Found"); 


By the way, you definitely need to ensure $content cannot be set from outside because this would open a huge potential security leak, since malicious people could then specifiy whichever file they want.

How exactly would I do both of those things?

[vinyl-junkie]

Regarding the first question, here's an example of what you need:

Code:

if ( isset($content) ) { 
    include("$content.htm"); 
} else { 
    header("HTTP/1.0 404 Not Found"); 
    header("location: http://www.example.com/404.php");
}

http://www.example.com/404.php would be the location of your custom 404 page, which gives them a "page not found" error message.

As for making sure that $content is something you're expecting, just have some code that tests the value of that variable. For example:

Code:

if ($content = "this") {
//do one thing
}
else {
if ($content = "that") {
//do another thing
}
else ...

Hopefully, you get the idea.

[reminder]

wrong...

PHP Code:

if ($content = "this") {
//do one thing
}
else {
if ($content = "that") {
//do another thing
}
else ... 


right

PHP Code:

if ($content = "this") {
//do one thing
}
else if ($content = "that") {
//do another thing
}
else ... 


small error but significative
cheers

[HardCoded]

I think I'd do this:

PHP Code:

if ( isset($content) && file_exists("$content.htm")) { 
    include("$content.htm"); 
} else { 
    header("HTTP/1.0 404 Not Found"); 
    header("location: http://www.example.com/404.php");
} 


That should fix both worries.

[vinyl-junkie]

reminder: We were both wrong! Your code:

Code:

if ($content = "this") { 
//do one thing 
} 
else if ($content = "that") { 
//do another thing 
} 
else ...

Corrected code:

Code:

if ($content == "this") { 
//do one thing 
} 
else if ($content == "that") { 
//do another thing 
} 
else ...

HardCoded: Wonder why I didn't do that in the first place, especially since I already have some web pages that do it just like that. Doh!

[swdev]

or better, imho

PHP Code:

  
  switch ($content)
  {
    case 'this':
       // do this stuff
       break;
    case 'that':
       // do that stuff
       break;
    default:
       // don;t recognise $content - do error stuff
       break;
  } 


[drzoid]

Regarding the first question, here's an example of what you need:

Code:

if ( isset($content) ) { 
    include("$content.htm"); 
} else { 
    header("HTTP/1.0 404 Not Found"); 
    header("location: http://www.example.com/404.php");
}

http://www.example.com/404.php would be the location of your custom 404 page, which gives them a "page not found" error message.

That wont work, because the "Location" header will change the status code to 302. Why do you need a redirect if you are saying "not found" at all?

PHP Code:

header("HTTP/1.0 404 Not Found"); 


is enough and perhaps with some content following to be displayed in the browser.

[c1vineoflife]

Thanks you guys! I appreciate the help

[c1vineoflife]

Oh, and another question. What is wrong with my code (it isn't working)?

PHP Code:

if ( isset($content) && file_exists($content.htm) ) {
    include("$content.htm");
} elseif ( !isset($content) ) {
    include("home.htm");
} elseif ( !file_exists($content.htm) ) {
    include("404.htm");
} 


[c1vineoflife]

Well, I still don't know why my other code works, but this code works like a charm:

PHP Code:

if ( !isset($content) ) {
    include("home.htm");
}

if ( isset($content) && file_exists("$content.htm")) {
    include("$content.htm");
} elseif ( isset($content) && !file_exists($content.htm) ) {
    include("404.htm");
} 


It includes my home page if no page is specified, and if a page is specified but does not exist, it includes my custom 404 page. Good?

[drzoid]

If you already have a default page for unknown requests, simply always use it.

PHP Code:

$content=$content.'htm';

if (file_exists($content)==false) $content='home.htm';

include($content); 


Although still pay attention to the last part of http://www.sitepoint.com/forums/show...41&postcount=2

[c1vineoflife]

If you already have a default page for unknown requests, simply always use it.

PHP Code:

$content=$content.'htm';

if (file_exists($content)==false) $content='home.htm';

include($content); 


Although still pay attention to the last part of http://www.sitepoint.com/forums/show...41&postcount=2

That doesn't take care of the occurance of not having anything set for $content. That would put a big blank spot when anyone would simply type in www.example.com. That is a nice peice of code though. It eleminites some typing

Oh, and what exactly could "malicious" people do with ?content=? I have it to where if they put in something like ?content=bob, and bob.htm does not exist, it will return a 404 error. Is that what you are talking about?

[drzoid]

That doesn't take care of the occurance of not having anything set for $content.

It does

PHP Code:

if (file_exists($content)==false) $content='home.htm'; 


[c1vineoflife]

It does

PHP Code:

if (file_exists($content)==false) $content='home.htm'; 


Oh I didn't see the logic in it, but it makes sense now Thanks!

[drzoid]

Oh, and what exactly could "malicious" people do with ?content=? I have it to where if they put in something like ?content=bob, and bob.htm does not exist, it will return a 404 error. Is that what you are talking about?

By appending ".htm" the situation isnt that worse, but yet people could still access ANY .htm file on your server which is accessible by your webserver's process.

URL?content=/var/SOME-PATH/SECRET-FILE

[c1vineoflife]

By appending ".htm" the situation isnt that worse, but yet people could still access ANY .htm file on your server which is accessible by your webserver's process.

True, but then again, I don't have too many valuable documents on my server, and more professional code could counter that...and they would have to know the exact document and location in my server.

[drzoid]

You should nevertheless make your code as secure as possible

In this case its not too hard, just check whether the requested file is within your document root. realpath() might come in handy there.