Jake Jake - 9 months ago 120
HTTP Question

How to return an HTTP 500 code on any error, no matter what

I'm writing an authentication script in PHP, to be called as an API, that needs to return 200

only in the case that it approves the request, and
403
(Forbidden) or
500` otherwise.

The problem I'm running into is that php returns
200
in the case of error conditions, outputting the error as html instead. How can I make absolutely sure that php will return an HTTP
500
code unless I explicitly return the HTTP
200
or HTTP
403
myself? In other words, I want to turn any and all warning or error conditions into
500
s, no exceptions, so that the default case is rejecting the authentication request, and the exception is approving it with a
200
code.

I've fiddled with
set_error_handler()
and
error_reporting()
, but so far no luck. For example, if the code outputs something before I send the HTTP response code, PHP naturally reports that you can't modify header information after outputting anything. However, this is reported by PHP as a
200
response code with html explaining the problem. I need even this kind of thing to be turned into a
500
code.

Is this possible in PHP? Or do I need to do this at a higher level like using
mod_rewrite
somehow? If that's the case, any idea how I'd set that up?

Answer Source

I checked the PHP docs for header(), and it's simpler than I was making it - if the second parameter is true, it will replace a similar header. the default is true. So the correct behavior is header ('HTTP/1.1 403 Forbidden');, then do the authentication logic, then if it authenticates, do header ('HTTP/1.1 200 OK'). It will replace the 403 response, and will guarantee that 403 is the default.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download