{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Bombasti 的问题《How to return an HTTP 500 code on any error, no ma》','https://www.manongdao.com/q-153508.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm writing an authentication script in PHP, to be called as an API, that needs to return 200only in the case that it approves the request, and403(Forbidden) or500` otherwise.
The problem I'm running into is that php returns 200 in the case of error conditions, outputting the error as html instead. How can I make absolutely sure that php will return an HTTP 500 code unless I explicitly return the HTTP 200 or HTTP 403 myself? In other words, I want to turn any and all warning or error conditions into 500s, no exceptions, so that the default case is rejecting the authentication request, and the exception is approving it with a 200 code.
I've fiddled with set_error_handler() and error_reporting(), but so far no luck. For example, if the code outputs something before I send the HTTP response code, PHP naturally reports that you can't modify header information after outputting anything. However, this is reported by PHP as a 200 response code with html explaining the problem. I need even this kind of thing to be turned into a 500 code.
Is this possible in PHP? Or do I need to do this at a higher level like using mod_rewrite somehow? If that's the case, any idea how I'd set that up?
On the php page for set_error_handler() you can find a comment by smp at ncoastsoft dot com posted on 08-Sep-2003 10:28 which exlpains how to even catch fatal errors (which you can normally not catch with a custom error handler. I changed the code for you needs:
This shold catch the fatal error of the non existing function. It than returns a 500 and stops the execution of the rest of the script.