{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《How to return an HTTP 500 code on any error, no ma》','https://www.manongdao.com/q-153508.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm writing an authentication script in PHP, to be called as an API, that needs to return 200only in the case that it approves the request, and403(Forbidden) or500` otherwise.
The problem I'm running into is that php returns 200 in the case of error conditions, outputting the error as html instead. How can I make absolutely sure that php will return an HTTP 500 code unless I explicitly return the HTTP 200 or HTTP 403 myself? In other words, I want to turn any and all warning or error conditions into 500s, no exceptions, so that the default case is rejecting the authentication request, and the exception is approving it with a 200 code.
I've fiddled with set_error_handler() and error_reporting(), but so far no luck. For example, if the code outputs something before I send the HTTP response code, PHP naturally reports that you can't modify header information after outputting anything. However, this is reported by PHP as a 200 response code with html explaining the problem. I need even this kind of thing to be turned into a 500 code.
Is this possible in PHP? Or do I need to do this at a higher level like using mod_rewrite somehow? If that's the case, any idea how I'd set that up?
Simply send the status code as a response
header():Remember that when sending this there must not be any output before it. That means no
echocalls and no HTML or whitespace.since PHP 5.4.0 there is a spezialized function for that
http_response_code()i.e.:see http://www.php.net/manual/en/function.http-response-code.php
Curious if you ever figured out how to get PHP to return 500 on Parse errors... I have the same exact need... API is posting to our app and expects a 200 only if everything was processed correctly...
In the case of a Parse error, PHP returns an Error 200 and I have used both of these functions:
register_shutdown_function() set_error_handler()
and these don't get hit when a "parse/syntax" error happens in the code...
So this is a low-level PHP function that would have to be set in the PHP.INI or somewhere... I am using PHP 5.3.10...
I checked the PHP docs for header(), and it's simpler than I was making it - if the second parameter is true, it will replace a similar header. the default is true. So the correct behavior is header
('HTTP/1.1 403 Forbidden');, then do the authentication logic, then if it authenticates, do header('HTTP/1.1 200 OK'). It will replace the 403 response, and will guarantee that 403 is the default.You should not use 500, that indicates an internal server error.
This (and other headers) should be sent before any ouput, except if you have output buffering enabled.
Use output buffering to allow you to modify the headers after writing to the body of the page. You can set this in the ini file rather than updating every script.
(Note the header() call will still fail if you explicitly flush the output buffer)
C.