We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree

Bug #21034 See Comments

No ability to create custom 401 or 403 HTTP code error pages

Version: 2.10.1 Reporter: IRIS_HQ

This is an archived bug report. If you are experiencing a similar issue, upgrade to the latest release and if that does not solve the problem, submit a new bug report

EE provides the ability to create a custom 404 error page. However, it does not provide the ability to create custom 401 or 403 HTTP code error pages, unlike other web development frameworks, yet it uses HTTP authentication and authorization throughout the CMS. Searching the EE core shows where this is implemented, and it seems very much like a sledgehammer approach.

In system/expressionengine/libraries/Auth.php

132         // --------------------------------------------------------------------
133 
134         /**
135          * Authenticate from basic http auth
136          *
137          * @access      public
138          */
139         public function authenticate_http_basic($not_allowed_groups = array(),
140                                                                                         $realm='Authentication Required')
141         {
142                 $always_disallowed = array(2, 3, 4);
143 
144                 $not_allowed_groups = array_merge($not_allowed_groups, $always_disallowed);
145 
146                 $authed = $this->_retrieve_http_basic();
147 
148                 if ($authed !== FALSE)
149                 {
150                         if (in_array($authed->member('group_id'), $not_allowed_groups))
151                         {
152                                 $authed = FALSE;
153                         }
154                 }
155 
156                 if ($authed === FALSE)
157                 {
158                         @header('WWW-Authenticate: Basic realm="'.$realm.'"');
159                         ee()->output->set_status_header(401);
160                         @header("Date: ".gmdate("D, d M Y H:i:s")." GMT");
161                         exit("HTTP/1.0 401 Unauthorized");
162                 }
163 
164                 return TRUE;
165         }

The code uses the PHP exit() function to dump out a string. There is no way to actually subclass this functionality and create a custom 401 or 403 error page.

Note: I cannot even find a place where 403 errors are handled.

Please fix this bug, or at the very least give the control of error document handling back to Apache. Right now EE hijacks the process.

Report Bug

Sort Bugs

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Formatting Cheatsheet

ExpressionEngine implements Markdown Extra and BBCode. Please see the Markdown Extra docs and the BBCode Wikipedia article for a full reference.

Inline styles

**bold**, __bold__, *italics*, _italics_, ~strike/del~, `code()`
bold, italics, strike/del, code()

Links and Images

Link: [link title](https://example.com)

Image: ![alt text](https://example.com/image.jpg)

Quoting

[blockquote]...[/blockquote], [quote]...[/quote], and Markdown style:

> Some quoted text.
>
> This is all one quote.

Code Samples

[code]...[/code], and you can also specify the language for syntax highlighting, [code=php]...[/code]

GitHub flavored Markdown code fences are also supported:

```
public function decoderRing($str)
{
	return str_rot13($str);
}
```

Username

Password

Forgot password?
or Register