In PHP is there any way to catch a 404 not found?
If a user ends up on a 404, I want them to be redirected to a known page, but to display something different if it is due to a 404 error.
Something like
if($_SERVER['HTTP_REFERER'] == 404){
echo("You've been redirected!");
}
Thanks in advance
PHP is only given the path to the page that referred you to the current page, it can't retrieve the status code for that page.
You shouldn't need to redirect the page when the page specified doesn't exist. In Apache you can specify the ErrorDocument to be a PHP file, just append a query string to the file such as ErrorDocument /index.php?error=404 so that your PHP file knows the page being requested doesn't exist. This way you can display the error straight to the user on the same page and the URL isn't lost. You don't need session or server variables, just a $_GET['error'] to check if there is an error code provided to the page.
Or, you can specify a pre-built document that is just a 404 error page, such as an ErrorDocument my404error.html, which will be displayed without any server-side processing for the page which is not found.
Related
I'm designing a website but I know if the user enters a wrong character into my url, a not found page will open for him . and I know it can be a way to hack my website. What should I do for that? for example if the user enters a ' into my url like this:
http://example.com/article.php?id=585'
He move to a not found page which I have designed it or move to the first page or the last page he was in.
Thanks.
You have to take 2 things into consideration:
Handling non-existent files
Handling non-existent article ids
Here's how to handle each case:
1) Create an .htaccess file and place it in your website root folder:
RewriteEngine on
ErrorDocument 404 /error.php # change this to your own 404 file path
2) Open the articles.php file and add this to the top (right after checking if your ID exists)
if(!valid_id($id)) {
//if you have php 5.3- use this
header('HTTP/1.1 404 Not Found');
//if you have php 5.4+ use this
//http_response_code(404);
include('error.php'); //change this path to your own 404 file
die();
}
Obviously, valid_id() is just a function example.
You will have to create a custom 404 page. So when your website doesn't get that page, it will show your custom page.
Try this link for custom page.
By the way from id=585'(apostophe after 585), I mean you want to prevent sql injection. Right? Just sanitise the input, that is, check if id is valid for not. You can find a lot of tutorial for that, just google it.
P.S : Believe me, It would take a lot more then a 404 Page to hack your server
just use this:
Open the articles.php file and add this to the top (right after checking if your ID exists)
if(!valid_id($id)) {
header('location:error.php'); exit();//change this path to your own 404 file
}
valid_id() is just a checking function example.
I have a php script that redirect the user to a specific page based on a record id (e.g. example.com/page.php?id=4)
My question is: How can I redirect the user to the 404 Error page if he type in the browser a record id that doesn't exists? (e.g. example.com/page.php?id=59542)
Although, putting an id that doesn't exists in the DB shows no data, but the user still can see the page template.. but with empty data...
Thanks
Using if statements check if there is such ID in the database, if it does not exist, do:
header("Location: 404.php");
You can change 404.php to your 404 file location.
You should send a 404 header, and maybe display a custom not found page:
<?php
header("HTTP/1.0 404 Not Found");
include("404.php");
?>
You can create a page, (a complete page, with CSS, ...) and redirect to that page every 404.
Example: Look what google does https://www.google.com/adlkfjaoie43 they created a page to redirect to.
Typical scenario:
DB items are displaied in page http://...?item_id=467
User one day deletes
the item
Google or a user
attempts to access http://...?item_id=467
PHP diggs into DB and sees items does not exist anymore, so now PHP must tell
Google/user that item is not existing via a 404 header and page.
According to this answer I undertstood there is no way to redirect to 404 Apache page via PHP unless sending in code the 404 header + reading and sending down to client all the contents of your default 404 page.
The probelm: I already have an Apache parsed custom 404.shtml page, so obvioulsy I would like to simply use that page.
But if i read an shtml page via PHP it won't be parsed by Apache anymore.
So what do you suggest me to do?
Is there maybe some trick I could use palying with htaccess too?
Thanks,
Hmm. Two ideas come to mind:
Redirect to the 404 page using header("Location:...") - this is not standards-compliant behaviour though. I would use that only as a last straw
Fetch and output the Apache-parsed SHTML file using file_get_contents("http://mydomain.com/404.shtml"); - also not really optimal because a request is made to the web server but, I think, acceptable in most cases.
I doubt there is anything you can do in .htaccess because the PHP script runs after any rewrite rules have already been parsed.
IF you are using apache mod_php, use virtual('/404.shtml'); to display the parsed shtml page to your user.
I was trying to do this exact same thing yesterday.
Does Pekka's file_get_contents/include result in a 404 status header being sent? Perhaps you need to do this before including the custom error page?
header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
You can test using this Firefox extension.
I was looking exactly for something like you needed, so you have a page:
http://example.com/page?item_id=456
and if later you want that if item is missing you are redirected to:
http://example.com/page_not_found?item_id=456
In reality I found it is much more maintainable solution to just use the original page as 404 page.
<?php
$item = findItem( $_GET['item_id']);
if($item === false){
//show 404 page sending correct header and then include 404 message
header( $_ENV['SERVER_PROTOCOL'].' 404 Not Found', true );
// you can still use $_GET['item_id'] to customize error message
// "maybe you were looking for XXX item"
include('somepath/missingpage.php');
return;
}
//continue as usual with normal page
?>
So if item is no longer in the DB, the 404 page is showed but you can provide custom items in replace or error messages.
I'm creating a PHP CMS and have some system pages like a 404 page, a maintenance page, and an unauthorized access page. When Page A isn't found, the CMS will redirect to the 404 page; if the user doesn't have access to Page B, it will redirect to the unauthorized access page, etc.
I'd like to use the proper status code in the header of each page, but I need clarification on how to handle the header/redirect. Do I put the 404 header on Page A and then redirect to the 404 page or do I put the 404 status on the 404 page itself? Also, if the latter is the correct answer, what kind of redirect should I use to get there, a 301 or a 302?
If a user arrives on page A and that page doesn't exist, then do not redirect : just send a 404 error code from page A -- and, to be nice for your user, an HTML content indicating that the page doesn't exist.
This way, the browser (and it's even more true for crawlers ! ) will know that the page that is not found is page A, and not anything else you'd have tried to redirect to.
Same for other kind of errors, btw : if a specific URL corresponds to an error, then, the error code should be sent from that URL.
Basically, something as simple as this should be enough :
if (page not found) {
header("404 Not Found");
echo "some nice message that says the page doesn't exist";
die;
}
(Well, you could output something nicer, of course ; but you get the idea ;-) )
I'm not sure if the redirecting is the best way for doing this. Id rather use some built in functionality that is included into the project.
If the data is not found, do not redirect the user to another page, just send him an error message, like Hey, this site does not exists! Try an other one and so.
And not at the end, you should build into the code, the code-part from the answer of Pascal Martin.
I would do this into a function, and call it from a bootstrap or something with a similar behavior.
function show_error($type="404", $header = true, $die = false)
{
if($header)
header("404 Not Found");
echo file_get_contents($type.'.php');
if($die) die; //
// and so on...
}
I have a php web page that now uses custom error pages when a page is not found. The custom error pages are included in PHP.
So when somebody types in an URL that does not exists I just include an error page, and the error page starts with:
<?php header("HTTP/1.1 404 Not> Found"); ?>
This also tells crawlers that the page does not exist.
Now I have set up a new system. When a user types a wrong url, the user is sent back to the frontpage and a message is displayed on the frontpage. I redirect to the frontpage like this:
header('Location:' . __TINY_URL . '/');
Now the problem is PHP just sends back a 200 code, page found.
How can I mix these two to create a 404 code on the frontpage.
And is this overall a nice way of presenting and error page.
It's giving you a 200 code because you are redirecting to a page that returns a 200 code. The way ive done this before is to send the 404 header then load the 404 view.
header("HTTP/1.0 404 Not Found");
include("four_o_four.php");
Redirecting after an error is not a very good idea. It's especially annoying for people who like to type in/edit URLs, because if you make a typo, you'll get redirected to some arbitrary page and have to start over.
I suggest you don't do this at all. If you want to, you can have your error page look like your front page though, albeit I think that'd be somewhat confusing.
You can add this into your htaccess
ErrorDocument 404 http://www.yourdomain.com/404.php
or
ErrorDocument 404 http://www.yourdomain.com/index.php #Your homepage
This will send the intials 404 header