William Jiang

JavaScript,PHP,Node,Perl,LAMP Web Developer – http://williamjxj.com; https://github.com/williamjxj?tab=repositories

PHP: header processing flow


When accessing a secured site, the following factors normally need to be considered:

  • Has the session been started?
  • Set the error_reporting mode.
  • Is the user logged in or not?
  • Initial steps: load and instantiate modules.

A typical sequence looks like this:

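<?php
session_start();
// Report all errors except notices.
error_reporting(E_ALL & ~E_NOTICE);
defined('ROOT') or define('ROOT', getcwd());

// Not logged in: send the browser to the login page and stop.
if (empty($_SESSION['username'])) {
  // Use a heredoc for the redirect script.
  $js_script = <<<EOT
<script>
  // Redirect the opener (popup) or the parent (frame) window.
  if (window.opener) {
    window.opener.location.href = '/login.php';
  }
  else {
    window.parent.location.href = '/login.php';
  }
</script>
EOT;
  echo $js_script;
  // Stop here so none of the protected page is sent.
  exit;
}
// normal flow...
?>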

If error_reporting() is not called, the setting from the PHP configuration file takes effect. In /etc/php.ini, the setting is described as follows:

; Common Values:
;   E_ALL & ~E_NOTICE  (Show all errors, except for notices and coding standards warnings.)
;   E_ALL & ~E_NOTICE | E_STRICT  (Show all errors, except for notices)
;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
;   E_ALL | E_STRICT  (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED

; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
;   E_ALL | E_STRICT  (Show all errors, warnings and notices including coding standards.)
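
The checks above combined into one bootstrap, as an added example that is not the original post's code: it redirects server-side with a Location header instead of the JavaScript snippet, and shows errors on screen only outside production. The APP_ENV variable and the function names are assumptions; the 'username' session key and /login.php come from the post.

```php
<?php
// Added example, not the original post's code.
// From the post: the 'username' session key and /login.php.
// Hypothetical: the APP_ENV environment variable and all function names.
declare(strict_types=1);

/** Report every error; show them on screen only outside production. */
function configure_errors(string $env): void
{
    error_reporting(E_ALL);
    ini_set('display_errors', $env === 'production' ? '0' : '1');
    ini_set('log_errors', '1'); // keep the details in the server log
}

/** True when the session carries a non-empty username. */
function is_logged_in(array $session): bool
{
    return !empty($session['username']);
}

/** Stop the request unless the user is logged in. */
function require_login(string $loginUrl = '/login.php'): void
{
    if (is_logged_in($_SESSION ?? [])) {
        return;
    }
    if (!headers_sent()) {
        // Must run before any output, or the header cannot be sent.
        header('Location: ' . $loginUrl, true, 302);
    }
    exit; // the exit, not the redirect, keeps the page content private
}

configure_errors(getenv('APP_ENV') ?: 'production');
session_start([
    'cookie_httponly' => true, // session cookie not readable from JavaScript
    'use_strict_mode' => true, // reject session IDs the server did not issue
]);
defined('ROOT') or define('ROOT', getcwd());
require_login();

// normal flow...
```

Unlike the post's script, a Location header only redirects the frame or popup that made the request, not window.opener or window.parent.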