PHP重定向用户并设置403标头

时间:2016-10-10 21:07:08

标签: php .htaccess mod-rewrite

这似乎是一个奇怪的请求,但我试图将用户从特定的一组页面重定向并设置一个403标题,以便我的错误处理程序接收它并显示必要的通知。我的重定向脚本不会重定向用户。

我尝试使用此脚本重定向:

// Redirect users from sensative pages
if(!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) && $_SESSION['logged_in'] !== "admin") {
 $redirect[] = array();
 $redirect[] = "uploadImg.php";
 if (in_array(basename($_SERVER["SCRIPT_FILENAME"]), $redirect)) {
  header('HTTP/1.1 403 FORBIDDEN');
  header('Status: 403 You Do Not Have Access To This Page');
  header("Location: index.php");
}
}

但奇怪的是,如果我删除这两行:

  header('HTTP/1.1 403 FORBIDDEN');
  header('Status: 403 You Do Not Have Access To This Page');

制作剧本:

// Redirect users from sensative pages
if(!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) && $_SESSION['logged_in'] !== "admin") {
 $redirect[] = array();
 $redirect[] = "uploadImg.php";
 if (in_array(basename($_SERVER["SCRIPT_FILENAME"]), $redirect)) {
  header("Location: index.php");
}
}

它会将用户重定向回index.php页。

我特意尝试设置标头,以便我的.htaccess接收错误并执行错误文档处理。

这是我的.htaccess

ErrorDocument 400 /index.php?err=400
ErrorDocument 401 /index.php?err=401
ErrorDocument 403 /index.php?err=403
ErrorDocument 404 /index.php?err=404
ErrorDocument 500 /index.php?err=500
ErrorDocument 502 /index.php?err=502
ErrorDocument 504 /index.php?err=504

Options -MultiViews
RewriteEngine On
RewriteBase /

RewriteRule ^h/(\d+)/w/(\d+)/a/([a-z]+)/thumb/(.+)$ /gallery/thumb.php?h=$1&w=$2&a=$3&src=$4 [L]
RewriteRule ^h/(\d+)/w/(\d+)/a/([a-z]+)/watermark/(.+)$ /gallery/watermark.php?h=$1&w=$2&a=$3&src=$4 [L]

<FilesMatch ".(jpg|png|gif|jpeg)$">
ErrorDocument 404 error.png
</FilesMatch>

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin http://example.com  
    Header set Access-Control-Allow-Credentials true
</IfModule>

最后我在index.php上的错误处理程序脚本:

if(isset($_GET['err'])) {
   $error_status = $_GET['err'];
   switch ($error_status) {
     case 400:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>400 Bad Request:</strong> There was an error with your request.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 401:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>401 UNAUTHORIZED:</strong> You are not authorized to view this page or directory.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 403:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>403 FORBIDDEN:</strong> You do not have access to this file or directory.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 404:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>404 Error:</strong> The page you are looking for does not exist.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 500:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>500 Internal Server Error:</strong> The server encountered an error. Please try again.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 502:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>502 Bad Gateway:</strong> The server received an invalid response.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;

     case 504:
      echo '<div class="alert alert-danger alert-top" role="alert">' . PHP_EOL;
      echo '<a href="#" class="close" data-dismiss="alert" aria-label="close">&times;</a>' . PHP_EOL;
      echo '<strong>504 Gateway Timeout:</strong> The server is taking too long to respond.' . PHP_EOL;
      echo '</div>' . PHP_EOL;
     break;
   }
 }

我或多或少地想知道为什么这两行会阻止我的重定向脚本工作:

  header('HTTP/1.1 403 FORBIDDEN');
  header('Status: 403 You Do Not Have Access To This Page');

我确实找到了解决重定向问题的解决方案,但错误通知未显示:How to send 500 Internal Server Error error from a PHP script

基于以上所选答案的代码:

// Redirect users from sensative pages
if(!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) && $_SESSION['logged_in'] !== "admin") {
 $redirect[] = array();
 $redirect[] = "uploadImg.php";
 if (in_array(basename($_SERVER["SCRIPT_FILENAME"]), $redirect)) {
  header($_SERVER['SERVER_PROTOCOL'] . ' 403 FORBIDDEN', true, 403);
  header("Location: index.php");
}
}

其他尝试:为了达到理想的效果,我还改变了以下内容:

根据@Parrot的建议我试过:

// Redirect users from sensative pages
if(!isset($_SESSION['logged_in']) || isset($_SESSION['logged_in']) && $_SESSION['logged_in'] !== "admin") {
 $redirect[] = array();
 $redirect[] = "uploadImg.php";
 if (in_array(basename($_SERVER["SCRIPT_FILENAME"]), $redirect)) {
  http_response_code(403);
  header("Location: index.php");
}
}

虽然它确实重定向但显示通知并不起作用,所以这促使我将错误文档的顶部更改为:

 if(isset($_GET['err'])) {
   $error_status = $_GET['err'];
 }
 else {
   $error_status = http_response_code();
 }

希望它最初没有阅读http_response_code();

注意:我也知道我可以header("Location: index.php?err=403");,但我不想在地址栏中显示错误代码。

注意:我知道我的重定向方法对于保护包含敏感信息的网页并不是最安全的,但是我重定向的网页只是我不希望查看的一般网页普通大众。

1 个答案:

答案 0 :(得分:2)

替换:

header('HTTP/1.1 403 FORBIDDEN'); header('Status: 403 You Do Not Have Access To This Page');

使用:

http_response_code(403); 我认为你不需要更多东西:))

相关问题
最新问题