PHP: header processing flow
2013-01-14
When a page of a secured site is accessed, the following factors normally need to be considered:
- has the session been started?
- setting the error_reporting mode
- is the user logged in or not?
- initial steps: load and instantiate modules.
A typical sequence looks like this:
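<?php
// Start (or resume) the session before any output is sent.
session_start();
// Report all errors except notices.
error_reporting(E_ALL & ~E_NOTICE);
defined('ROOT') or define('ROOT', getcwd());
// Not logged in: send the opener (popup) or the parent (frame) to the login page.
if (empty($_SESSION['username'])) {
    // Use a heredoc; the <script> tags are needed for the browser to run the code.
    $js_script = <<<EOT
<script type="text/javascript">
if (window.opener) {
    window.opener.location.href = '/login.php';
}
else {
    window.parent.location.href = '/login.php';
}
</script>
EOT;
    echo $js_script;
    // Stop here so the rest of the page is never sent.
    exit;
}
// normal flow...
?>

If error_reporting() is not called, the setting in the PHP configuration file takes effect. In /etc/php.ini, the description is: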
; Common Values:
; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.)
; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices)
; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.)
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This
; means it pretty much reports everything which is exactly what you want during
; development and early testing.
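
The same four steps as an added example (not code from the original post): the error mode is set first, errors are logged instead of displayed, and the session cookie is restricted before session_start(). It assumes PHP 7.3 or later; the modules/ directory and the module names are hypothetical.

```php
<?php
// Added example: a header include covering the four steps in order.

// 1. Error mode first, so problems in the later steps are captured.
error_reporting(E_ALL & ~E_NOTICE);
ini_set('display_errors', '0');   // do not print errors into the page
ini_set('log_errors', '1');       // send them to the server's error log

// 2. Session: restrict the cookie before session_start() creates it.
session_set_cookie_params([
    'path'     => '/',
    'httponly' => true,            // not readable from page JavaScript
    'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    'samesite' => 'Lax',
]);
session_start();

defined('ROOT') or define('ROOT', getcwd());

// 3. Login check. The exit is what protects the page: the script below only
//    navigates the browser, it does not enforce anything.
function require_login(): void
{
    if (!empty($_SESSION['username'])) {
        return;
    }
    header('Cache-Control: no-store');
    echo <<<'EOT'
<script>
// Popup: redirect the opener. Frame or top-level page: redirect the parent.
var target = window.opener || window.parent;
target.location.href = '/login.php';
</script>
<noscript><a href="/login.php" target="_top">Log in</a></noscript>
EOT;
    exit;
}
require_login();

// 4. Initial steps: load modules from a fixed list, never from request input.
$modules = ['db', 'acl'];          // hypothetical module names
foreach ($modules as $name) {
    require_once ROOT . '/modules/' . $name . '.php';
}
```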