It can be rather irritating for a user to happen upon a moved or removed Web page, only to see the dreaded “HTTP 404 – File not found” message. That said, site maintainers should take every step necessary to ensure that “link rot” does not occur. However, there are times when this cannot be easily avoided, particularly when major site migrations or updates are taking place.
Fortunately, Apache offers a configuration directive that makes it possible to forward all requests ending in a particular server error (404, 403, and 500, for example) to a predetermined page.
The directive, named ErrorDocument, can be placed with httpd.conf’s main configuration container, as well as within virtual host, directory, and .htaccess containers (with the appro- priate permissions, of course). For example, you could point all 404 errors to a document named error.html, which is located in the particular context’s base directory, like so:
ErrorDocument 404 /error.html
Pointing 404s to such a page is useful because it could provide the user with further infor- mation regarding the reason for page removal, an update pertinent to Web site upgrade progress, or even a search interface. Using it in combination with PHP, such a page could also attempt to discern the page that the user is attempting to access, and forward them accordingly; e-mail the site administrator, letting her know that an error has occurred; create custom error logs; or do really anything else that you’d like it to do. This section demonstrates how to use PHP to gather some statistics pertinent to the missing file and mail that information to a site adminis- trator. Hopefully this example will provide you with a few ideas as to how you can begin creating custom 404 handlers suited to your own specific needs.
■ Note Some of the concepts described in this chapter are already handled quite efficiently by the URL- rewriting capability of the Apache Web server. However, keep in mind that many readers use shared servers for Web hosting, and thus do not have the luxury of wielding such control over the behavior of their Web server. That said, the concepts described here serve to encourage readers to consider alternative solutions in situations where not all tools are made available to them.
In this example, you’ll create a script that e-mails the site administrator with a detailed report of the error, and displays a message asking the user’s forgiveness. To start, create an .htaccess file that redirects the 404 errors to the custom script:
ErrorDocument 404 /www/htdocs/errormessage.html
If you want this behavior to occur throughout the site, place it in the root directory of your Web site. If you’re unfamiliar with .htaccess files, see the Apache documentation for more information.
Next, create the script that handles the error by e-mailing the site administrator and displaying an appropriate message. This script is provided in Listing 13-4.
Listing 13-4. E-mail Notification and Simple Message Display
<?php // Server
$servername = $_SERVER['SERVER_NAME'];
$recipient = "webmaster@example.com";
$subject = "404 error detected: ".$_SERVER['PHP_SELF'];
$timestamp = date( "F d, Y G:i:s", time() );
$referrer = $_SERVER['HTTP_REFERER'];
$ip = $_SERVER['REMOTE_ADDR'];
$redirect = $_SERVER['REQUEST_URI'];
$body = <<< body
A 404 error was detected at: $timestamp.
C H A P T E R 1 3 ■ F O R M S A N D N A V I G A T I O N A L C U E S 323
Server: $servername Missing page: $redirect Referring document: $referrer User IP Address: $ip
body;
mail($recipient, $subject, $body, "From: administrator\r\n");
?>
<h3>File Not Found</h3>
<p>
Please forgive us, as our Web site is currently undergoing maintenance.
As a result, you may experience occasional difficulties accessing documents and/or services.
The site administrator has been emailed with a detailed event log of this matter.
</p>
Thank you,<br />
The Web site Crew
Of course, if your site is particularly large, you might want to consider writing error infor- mation to a log file or database rather than sending it via e-mail.
Summary
One of the Web’s great strengths is the ease with which it enables us to not only disseminate but also compile and aggregate user information. However, as developers, this mean that we must spend an enormous amount of time building and maintaining a multitude of user inter- faces, many of which are complex HTML forms. The concepts described in this chapter should enable you to decrease that time a tad.
In addition, this chapter offered a few commonplace strategies for improving the general user experience while working with your application. Although not an exhaustive list, perhaps the material presented in this chapter will act as a springboard for you to conduct further experimentation, as well as help you to decrease the time that you invest in what is surely one of the more time-consuming aspects of Web development: improving the user experience.
The next chapter shows you how to protect the sensitive areas of your Web site by forcing users to supply a username and password prior to entry.
325
■ ■ ■
C H A P T E R 1 4
Authentication
Authenticating user identities is common practice in today’s Web applications. This is done not only for security-related reasons, but also to offer customization features based on user preferences and type. Typically, users are prompted for a username and password, the combi- nation of which forms a unique identifying value for that user. In this chapter, you’ll learn how to prompt for and validate this information, using PHP’s built-in authentication capabilities.
Specifically, in this chapter you’ll learn about:
• Basic HTTP-based authentication concepts
• PHP’s authentication variables, namely $_SERVER['PHP_AUTH_USER'] and
$_SERVER['PHP_AUTH_PW']
• Several PHP functions that are commonly used to implement authentication procedures
• Three commonplace authentication methodologies: hard-coding the login pair (username and password) directly into the script, file-based authentication, and database-based authentication
• Further restricting authentication credentials with a user’s IP address
• Taking advantage of PEAR using the Auth_HTTP package
• Testing password guessability using the CrackLib extension
• Recovering lost passwords using one-time URLs