I have read a tutorial, and in that tutorial they make a error function.
When the function was called it runs:
<?php
header('HTTP/1.0 404 Not Found');
include('errorpage.php');
exit();
?>
But what is the use of that? Why can't you use header('Location: errorpage.php') or skip the part header('HTTP/1.0 404 Not Found')?
If you use header('Location: errorpage.php') then you are saying "The document you want can be found here". This is a lie.
If you don't include header('HTTP/1.0 404 Not Found') then you are saying "OK, here is the document you asked for" and then displaying an error message. This is a lie.
If the error page is for an attempt from a browser to run a JavaScript, it will try to execute the HTML as JS and throw an error.
If the client is a search engine, it will index the error page as content instead of treating the link as broken. This will give you bad results in searches.
If the client is a downloading tool, it will download the document as a file. If it is going recursively, it could end up following vast numbers of links to error pages on your server and fill up the user's hard disk while eating lots of your bandwidth.
And so on.
In short, if you don't tell the client it is an error then it will treat it as content.
Related
I am using the following code to display a 404 page if the user requests a URL which doesn't match an article in the database:
if($articleTitle == "")
{
header('HTTP/1.0 404 Not Found');
readfile('404.php');
exit();
}
readfile properly displays a webpage, but it does not parse PHP code in it. Is there an alternative to readfile that displays a different file but parses PHP in that other file? Since this is a 404, a redirect would be bad practice.
readfile only slurps in raw bytes and spits them out to the client. You want include(), which WILL try to execute any PHP found in the loaded file.
if (strstr($_SERVER['REQUEST_URI'],'index.php')) {
header('HTTP/1.0 404 Not Found');
}
Why wont this work? I get a blank page.
Your code is technically correct. If you looked at the headers of that blank page, you'd see a 404 header, and other computers/programs would be able to correctly identify the response as file not found.
Of course, your users are still SOL. Normally, 404s are handled by the web server.
User: Hey, do you have anything for me at this URI webserver?
Webserver: No, I don't, 404! Here's a page to display for 404s.
The problem is, once the web server starts processing the PHP page, it's already passed the point where it would handle a 404
User: Hey, do you have anything for me at this URI webserver?
Webserver: Yes, I do, it's a PHP page. It'll tell you what the response code is
PHP: Hey, OMG 404!!!!!!!
Webserver: Well crap, the 404 page people have already gone home, so I'll just send along whatever PHP gave me
In addition to providing a 404 header, PHP is now responsible for outputting the actual 404 page.
if (strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>";
echo "The page that you have requested could not be found.";
exit();
}
If you look at the last two echo lines, that's where you'll see the content. You can customize it however you want.
That is correct behaviour, it's up to you to create the contents for the 404 page.
The 404 header is used by spiders and download-managers to determine if the file exists.
(A page with a 404 header won't be indexed by google or other search-engines)
Normal users however don't look at http-headers and use the page as a normal page.
For the record, this is the all-case handler:
<?php
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
header("Status: 404 Not Found");
$_SERVER['REDIRECT_STATUS'] = 404;
?> <!-- 404 contents below this line -->
Load default server 404 page, if you have one, e.g. defined for apache:
if(strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
readfile('404missing.html');
exit();
}
Since php 5.4 you can now do http_response_code(404);
Another solution, based on #Kitet's.
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
header("Status: 404 Not Found");
$_SERVER['REDIRECT_STATUS'] = 404;
//If you don't know which web page is in use, use any page that doesn't exists
$handle = curl_init('http://'. $_SERVER["HTTP_HOST"] .'/404missing.html');
curl_exec($handle);
If you are programming a website that hosted in a server you do not have control, you will not know which file is the "404missing.html". However you can still do this.
In this way, you provided exactly the same outcome of a normal 404 page on the same server. An observer will not be able to distinguish between an existing PHP page returns 404 and a non-existing page.
try with:
header("Status: 404 Not Found");
header('HTTP/1.0 404 Not Found');
Bye!
A little bit shorter version. Suppress odd echo.
if (strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
exit("<h1>404 Not Found</h1>\nThe page that you have requested could not be found.");
}
if($_SERVER['PHP_SELF'] == '/index.php'){
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>";
echo "The page that you have requested could not be found.";
die;
}
never simplify the echo statements, and never forget the semi colon like above, also why run a substr on the page, we can easily just run php_self
If you want the server’s default error page to be displayed, you have to handle this in the server.
You're doing it right though it could use some refining. Looks like that's been addressed so let's talk practical application benefits:
An old website of ours that has a large collection of multilingual tech docs was executing this inside an if else conditional:
if (<no file found>){
die("NO FILE HERE");
}
The problem (besides the unhelpful message and bad user experience) being that we generally use a link crawler (in our case integrity) to check out bad links and missing documents. This means that we were getting a perfectly correct 200 no error response telling us that there was a file there. Integrity didn't know that we were expecting a PDF so we had to manually add a 404 header with php. By adding your code above the die (because nothing afterwards would execute and header should always be before any rendered html anyway), integrity (which behaves more or less like a browser) would return a 404 and we would know exactly where to look for missing files. There are more elegant ways of telling the user that there is an error, but by serving a 404 error you are not only notifying browsers and browser-like programs of the error but (I believe-correct me if I'm wrong) are also recording those errors in your server logs where you can easily grep for 404s.
header('HTTP/1.0 404 Not Found');
die("NO FILE HERE");
Try this:
if (strstr($_SERVER['REQUEST_URI'],'index.php')) {
header('HTTP/1.0 404 Not Found');
echo "<head><title>404 Not Found</title></head>";
echo "<h1>Not Found</h1>";
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
echo "<p>The requested URL ".$uri." was not found on this server.</p>";
exit();
}
You know, in my website i created something like this:
$uri=$_SERVER['REQUEST_URI'];
$strpos=strpos($uri, '.php');
if ($strpos!==false){
$e404="The page requested by you: "".$_SERVER['REQUEST_URI']."", doesn't exists on this server.";
$maybe=str_replace('.php','',$uri);
$maybe=str_replace('/','',$maybe);
die("<center><h1>404</h1><hr><h3>$e404</h3><h3>Maybe try <a href=$maybe>www.leaveyortexthere.p.ht/$maybe</a>?</center>");
}
i hope it helps you.
I came up to this problem.. I think that redirecting to a non existing link on your server might do the trick ! Because the server would return his 404:
header('Redirect abbb.404.nonexist'); < that doesnt exist for sure
If you want to show the server’s default 404 page, you can load it in a frame like this:
echo '<iframe src="/something-bogus" width="100%" height="100%" frameBorder="0" border="0" scrolling="no"></iframe>';
I am trying to understand the combination of 3 simple php code lines,
This is the code:
ob_end_clean();
header('HTTP/1.0 404 Not Found');
exit;
So this is the code and as i understand the first line ob_end_clean();, Can help for example with BOM(Byte order mark), So the first line is to prevent any previous output.
The second line header('HTTP/1.0 404 Not Found'); is the header.
And the third line exit terminates the script execution.
If i remove the first line and i got a BOM at the document i get blank page (No 404).
If i remove the third line (with and without the BOM), I get the page i wanted no blank page and no 404.
Mabye if anyone can explain why should i use the exit After the
404 header
Also why with the BOM i dont get "headers already sent error"
Thank you all and have a nice day.
If i remove the first line and i got a BOM at the document i get blank
page (No 404).
you get blank 404 because you have no content defined in there...
header('HTTP/1.0 404 Not Found');
is only giving notice that user is on 404 error page site...
if you want to display some 404 notice for user you can do this by loading your 404.html file
if(strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
readfile('404missing.html');
exit();
}
or directly
if (strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
echo "<h1>Error 404 Not Found</h1>";
echo "The page that you have requested could not be found.";
exit();
}
exit function is there because you have to prevent execution of another php code, which may be directly after if or which may be excecuted later, simply it says END
why should i use the exit After the 404 header
So that no further code will be executed. If there isn't any then, fine, it isn't necessary in this case. It's a good habit to get into though.
Also why with the BOM i dont get "headers already sent error"
You didn't configure your PHP installation to show errors and notices to the end user.
I havea code that should redirect in case it doesnt have some request parameter set correctly.
if(!is_numeric($_GET['id'])){
header("HTTP/1.0 404 Not Found");
header('Location: '.$url);
exit();
}
Problem is that whenever I check with Firefoxes plugin, live HTTP headers, I see 302 temporary redirect. why is that? why no 404 response is given?
It doesn't make sense to send a Location header with a 404 status code.
Location means "What you asked for is over here"
404 means "I don't have what you asked for"
The two statements are incompatible.
If you want to send a particular human readable explanation of the error, then just output it as you would for any other kind of document. You could include() it if you like. Don't try to redirect to it.
Problem is that whenever I check with Firefoxes plugin, live HTTP
headers, I see 302 temporary redirect. why is that? why no 404
response is given?
Not sure what you want to do here but following will provide your purpose.
if (! is_numeric($_GET['id'])) {
header('Location: ' . $url, true, 404);
exit();
}
You can only send ONE of the headers you are attempting as stated above.
In case of 404 - this will display the error relevant error pages as defined by you're web server config.
To do what you want... you will need to modify the server's 404 from a plain html to a php page and work out what to display from there (you can base on referrer etc).
From within the 'dynamic' 404 page, you can then do you're redirect if required.
if (strstr($_SERVER['REQUEST_URI'],'index.php')) {
header('HTTP/1.0 404 Not Found');
}
Why wont this work? I get a blank page.
Your code is technically correct. If you looked at the headers of that blank page, you'd see a 404 header, and other computers/programs would be able to correctly identify the response as file not found.
Of course, your users are still SOL. Normally, 404s are handled by the web server.
User: Hey, do you have anything for me at this URI webserver?
Webserver: No, I don't, 404! Here's a page to display for 404s.
The problem is, once the web server starts processing the PHP page, it's already passed the point where it would handle a 404
User: Hey, do you have anything for me at this URI webserver?
Webserver: Yes, I do, it's a PHP page. It'll tell you what the response code is
PHP: Hey, OMG 404!!!!!!!
Webserver: Well crap, the 404 page people have already gone home, so I'll just send along whatever PHP gave me
In addition to providing a 404 header, PHP is now responsible for outputting the actual 404 page.
if (strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>";
echo "The page that you have requested could not be found.";
exit();
}
If you look at the last two echo lines, that's where you'll see the content. You can customize it however you want.
That is correct behaviour, it's up to you to create the contents for the 404 page.
The 404 header is used by spiders and download-managers to determine if the file exists.
(A page with a 404 header won't be indexed by google or other search-engines)
Normal users however don't look at http-headers and use the page as a normal page.
For the record, this is the all-case handler:
<?php
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
header("Status: 404 Not Found");
$_SERVER['REDIRECT_STATUS'] = 404;
?> <!-- 404 contents below this line -->
Load default server 404 page, if you have one, e.g. defined for apache:
if(strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
readfile('404missing.html');
exit();
}
Since php 5.4 you can now do http_response_code(404);
Another solution, based on #Kitet's.
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
header("Status: 404 Not Found");
$_SERVER['REDIRECT_STATUS'] = 404;
//If you don't know which web page is in use, use any page that doesn't exists
$handle = curl_init('http://'. $_SERVER["HTTP_HOST"] .'/404missing.html');
curl_exec($handle);
If you are programming a website that hosted in a server you do not have control, you will not know which file is the "404missing.html". However you can still do this.
In this way, you provided exactly the same outcome of a normal 404 page on the same server. An observer will not be able to distinguish between an existing PHP page returns 404 and a non-existing page.
try with:
header("Status: 404 Not Found");
header('HTTP/1.0 404 Not Found');
Bye!
A little bit shorter version. Suppress odd echo.
if (strstr($_SERVER['REQUEST_URI'],'index.php')){
header('HTTP/1.0 404 Not Found');
exit("<h1>404 Not Found</h1>\nThe page that you have requested could not be found.");
}
if($_SERVER['PHP_SELF'] == '/index.php'){
header('HTTP/1.0 404 Not Found');
echo "<h1>404 Not Found</h1>";
echo "The page that you have requested could not be found.";
die;
}
never simplify the echo statements, and never forget the semi colon like above, also why run a substr on the page, we can easily just run php_self
If you want the server’s default error page to be displayed, you have to handle this in the server.
You're doing it right though it could use some refining. Looks like that's been addressed so let's talk practical application benefits:
An old website of ours that has a large collection of multilingual tech docs was executing this inside an if else conditional:
if (<no file found>){
die("NO FILE HERE");
}
The problem (besides the unhelpful message and bad user experience) being that we generally use a link crawler (in our case integrity) to check out bad links and missing documents. This means that we were getting a perfectly correct 200 no error response telling us that there was a file there. Integrity didn't know that we were expecting a PDF so we had to manually add a 404 header with php. By adding your code above the die (because nothing afterwards would execute and header should always be before any rendered html anyway), integrity (which behaves more or less like a browser) would return a 404 and we would know exactly where to look for missing files. There are more elegant ways of telling the user that there is an error, but by serving a 404 error you are not only notifying browsers and browser-like programs of the error but (I believe-correct me if I'm wrong) are also recording those errors in your server logs where you can easily grep for 404s.
header('HTTP/1.0 404 Not Found');
die("NO FILE HERE");
Try this:
if (strstr($_SERVER['REQUEST_URI'],'index.php')) {
header('HTTP/1.0 404 Not Found');
echo "<head><title>404 Not Found</title></head>";
echo "<h1>Not Found</h1>";
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
echo "<p>The requested URL ".$uri." was not found on this server.</p>";
exit();
}
You know, in my website i created something like this:
$uri=$_SERVER['REQUEST_URI'];
$strpos=strpos($uri, '.php');
if ($strpos!==false){
$e404="The page requested by you: "".$_SERVER['REQUEST_URI']."", doesn't exists on this server.";
$maybe=str_replace('.php','',$uri);
$maybe=str_replace('/','',$maybe);
die("<center><h1>404</h1><hr><h3>$e404</h3><h3>Maybe try <a href=$maybe>www.leaveyortexthere.p.ht/$maybe</a>?</center>");
}
i hope it helps you.
I came up to this problem.. I think that redirecting to a non existing link on your server might do the trick ! Because the server would return his 404:
header('Redirect abbb.404.nonexist'); < that doesnt exist for sure
If you want to show the server’s default 404 page, you can load it in a frame like this:
echo '<iframe src="/something-bogus" width="100%" height="100%" frameBorder="0" border="0" scrolling="no"></iframe>';