getservbyport
For who likes to know all the status codes, and the corresponding phrases, that PHP can generate when using the $http_response_code param in the header() function, I have made a little script which tries sequentially all the codes from 100 to 599 and keeps those generating valid results.
This script is enough long to process (using a socket loop connection) then it is executed actually once a day, but generates a cache file, to be served fast.
Note that here are the codes generated by PHP, not those which can be answered by Apache or any other server, nor any other 'exotic' status codes specific to some application: http://gif.phpnet.org/frederic/programs/http_status_codes/
header
(PHP 4, PHP 5)
header — Sendet einen HTTP-Header in Rohform
Beschreibung
void header
( string $string
[, bool $replace= true
[, int $http_response_code
]] )
header() wird zum Senden von HTTP-Anfangsinformationen (Headern) im Rohformat benutzt. Weitere Informationen über die HTTP Header finden Sie in der » HTTP/1.1 Spezifikation.
Beachten Sie, dass Sie die Funktion header() aufrufen müssen, bevor Sie irgendeine andere Art von Ausgabe (seien es normale HTML-Tags, Leerzeilen in einer Datei oder von PHP) zum Client schicken. Es handelt sich hier um einen typischen Fehler, der zum Beispiel auftritt, wenn Sie Code mittels include() oder require() oder einer anderen Dateizugriffs-Funktion einlesen, die Leerzeichen oder Leerzeilen enthalten, die ausgegeben werden, bevor header() aufgerufen wird. Das gleiche Problem kann auch auftreten, wenn Sie eine Datei verwenden, in der HTML und PHP vermischt wurden.
<html>
<?php
/* Dies wird einen Fehler provozieren. Beachten Sie die vorangehende Ausgabe,
* die vor dem Aufruf von header() erzeugt wird */
header('Location: http://www.example.com/');
?>
Parameter-Liste
- string
-
Der Header-String.
Es gibt zwei Spezialfälle von Header-Aufrufen. Der erste ist ein Header, der mit "HTTP/" beginnt (ob Groß- oder Kleinschreibung ist nicht relevant) und zum Herausfinden des zu sendenden HTTP Statuscodes verwendet wird. Wenn Sie zum Beispiel Apache konfiguriert haben, um ein PHP Skript zum Bearbeiten von Anforderungen fehlender Dateien (mittels der ErrorDocument-Direktive) zu verwenden, möchten Sie bestimmt sicherstellen, dass Ihr Skript den passenden Statuscode generiert.
<?php
header("HTTP/1.0 404 Not Found");
?>Der zweite Spezialfall ist der "Location:" Header. Es wird nicht nur der Header an den Browser geschickt, sondern auch ein REDIRECT (302) Statuscode, wenn nicht bereits ein 3xx Statuscode gesendet wurde.
<?php
header("Location: http://www.example.com/"); /* Browser umleiten */
/* Stellen Sie sicher, dass der nachfolgende Code nicht ausgefuehrt wird, wenn
eine Umleitung stattfindet. */
exit;
?> - replace
-
Der optionale Parameter replace gibt an, ob der Header einen vorhergehenden gleichartigen Header ersetzten soll, oder ob ein zweiter Header des selben Typs hinzugefügt werden soll. Standardmäßig wird ersetzt; wenn Sie als zweites Argument FALSE übergeben, können Sie so mehrere Header desselben Typs erzwingen. Zum Beispiel:
<?php
header('WWW-Authenticate: Negotiate');
header('WWW-Authenticate: NTLM', false);
?> - http_response_code
-
Forciert einen HTTP-Response-Code des angegebenen Wertes.
Rückgabewerte
Es wird kein Wert zurückgegeben.
Changelog
| Version | Beschreibung |
|---|---|
| 4.4.2 and 5.1.2 | Die Funktion unterbindet das gleichzeitige Versenden mehrerer Header zum Schutz gegen Header-Injection-Angriffe. |
| 4.3.0 | Der Parameter http_response_code wurde hinzugefügt. |
| 4.0.4 | Der Parameter replace wurde hinzugefügt. |
Beispiele
Beispiel #1 Download-Dialog
Wollen Sie den Benutzer auffordern, die von Ihnen gesendeten Daten wie z.B. eine generierte PDF Datei zu speichern, können Sie den Header » Content-Disposition verwenden, um einen empfohlenen Dateinamen anzubieten und den Browser zu zwingen, den Dialog zum Speichern anzuzeigen.
<?php
// Wir werden eine PDF Datei ausgeben
header('Content-type: application/pdf');
// Es wird downloaded.pdf benannt
header('Content-Disposition: attachment; filename="downloaded.pdf"');
// Die originale PDF Datei heißt original.pdf
readfile('original.pdf');
?>
Beispiel #2 Caching-Direktiven
PHP-Skripte erzeugen oft dynamische Inhalte, die weder vom Browser noch von irgendeinem Proxy zwischen Web-Server und Client-Browser gepuffert ("gecached") werden sollen bzw. dürfen. Bei vielen Proxies und Browsern kann das Cachen wie folgt unterbunden werden:
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Datum in der Vergangenheit
?>
Hinweis: Es könnte auch sein, dass Ihre Seiten nicht zwischengespeichert werden, auch wenn Sie obigen Header nicht ausgeben. Es gibt eine Anzahl Optionen, welche die Benutzer in ihren Browser einstellen können, um das standardmäßige Caching-Verhalten zu verändern. Durch das Senden obiger Header sollten Sie jedwede Einstellungen, die die Ausgabe Ihres Skriptes zwischenspeichern würden, außer Kraft setzen.
Weiterhin können Sie session_cache_limiter() und die Konfigurationsoption session.cache_limiter verwenden, um die korrekten Header bezüglich Caching automatisch generieren zu lassen, sollten Sie Sessions benutzen.
Anmerkungen
Hinweis: Seit PHP 4 können Sie dieses Problem umgehen, indem Sie Output Buffering benutzen, mit dem Overhead, dass alle Ihre Ausgaben an den Browser gepuffert werden, bis Sie diese senden. Um dies zu tun, verwenden Sie in Ihrem Skript ob_start() und ob_end_flush() oder setzen Sie die Konfigurationsdirektive output_buffering in der php.ini bzw. in den Server-Konfigurationsdateien auf On.
Hinweis: Die HTTP-Status-Headerzeile wird immer die erste zum Client gesendete sein, egal ob der aktuelle header()-Aufruf der erste ist oder nicht. Der Status kann mittels header() jederzeit mit einer neuen Statuszeile überschrieben werden, sofern die HTTP-Header noch nicht gesendet wurden.
Hinweis: Der Microsoft Internet Explorer 4.01 hat einen Bug, der diese Funktionalität verhindert, und es gibt keinen Workaround. Auch im Microsoft Internet Explorer 5.5 existiert ein Bug, der dies behindert, dieser kann jedoch mittels eines Upgrades auf Service Pack 2 oder höher behoben werden.
Hinweis: Ist safe mode aktiviert, wird die UID des Skriptes dem realm-Teil des Headers WWW-Authenticate (für HTTP Authentifizierung verwendet) hinzugefügt, sollten Sie diesen Header setzen.
Hinweis: HTTP/1.1 verlangt einen absoluten URI inklusive dem Schema, Hostnamen und absoluten Pfad als Argument von » Location:, aber manche Clients akzeptieren auch relative URIs. Gewöhnlich können Sie mittels $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] und dirname() aus einem relativen Link einen absoluten URI selbst erstellen:
<?php
/* Redirect auf eine andere Seite im aktuell angeforderten Verzeichnis */
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit;
?>
Hinweis: Die Session-ID wird nicht mit dem Location-Header übermittelt, selbst wenn session.use_trans_sid eingeschaltet ist. Sie muss daher manuell durch Verwendung der SID-Konstante hinzugefügt werden.
Siehe auch
- headers_sent() - Prüft, ob oder wo die Header bereits gesendet wurden
- setcookie() - Sendet ein Cookie
- The section on HTTP authentication
add a note
User Contributed Notesheader
fgif2 at yahoo dot fr
10-Jun-2009 01:30
10-Jun-2009 01:30
andre at luyer dot nl
17-May-2009 09:38
17-May-2009 09:38
The loaction header must contain an absolute URI!!
See note above "Note: HTTP/1.1 requires an absolute URI as argument to » Location".
Thus:
<?php header("Location: /home.php"); ?>
is wrong, but most browsers will follow it correctly (hence the common mistake).
This is correct:
<?php
header("Status: 301"); # 301 Moved Permanently
header("Location: http://{$_SERVER['SERVER_NAME']}/home.php");
exit;
?>
pineapplecharm at gmail dot com
03-Apr-2009 10:40
03-Apr-2009 10:40
I've just discovered that Chrome doesn't perform a Location: instruction unless it gets a Status: first. It's also sensitive to capitalisation.
<?php
header("Status: 200");
header("Location: /home.php");
exit;
?>
Jamesb
08-Mar-2009 02:25
08-Mar-2009 02:25
Here is a php script I wrote to stream a file and crypt it with a xor operation on the bytes and with a key :
The encryption works very good but the speed is decrease by 2, it is now 520KiB/s. The user is now asked for a md5 password (instead of keeping it in the code directly). There is some part in French because it's my native language so modify it as you want.
<?php
// Stream files and encrypt the data on-the-fly
// Settings
// -- File to stream
$file = "FILE_out";
// -- Reading buffer
$bufferlength = 3840;
// -- Key in hex
//$keychar = "9cdfb439c7876e703e307864c9167a15";
// Function: Convertion hex key in a string into binary
function hex2bin($h) {
if (!is_string($h)) return null;
$r = array();
for ($a=0; ($a*2)<strlen($h); $a++) {
$ta = hexdec($h[2*$a]);
$tb = hexdec($h[(2*$a+1)]);
$r[$a] = (int) (($ta << 4) + $tb);
}
return $r;
}
// Function to send the auth headers
function askPassword($text="Enter the password") {
header('WWW-Authenticate: Basic realm="'. utf8_decode($text) .'"');
header('HTTP/1.0 401 Unauthorized');
return 1;
}
// Key is asked at the first start
if (!isset($_SERVER['PHP_AUTH_PW'])) {
askPassword();
echo "Une clé est nécessaire !<br />";
exit;
}
// Get the key in hex
$keychar = $_SERVER['PHP_AUTH_PW'];
// Convert key and set the size of the key
$key = hex2bin($keychar);
$keylength = count($key);
// Teste si la clé est valide en hex
if ($key == "" || $keylength <= 4) {
askPassword("Clé incorrecte !");
//echo "Clé incorrecte !<br />";
exit();
}
// Teste si la clé est de longueur d'une puissance de 2
if ( ($keylength%2) != 0) {
askPassword("Clé de longueur incorrecte (multiple de 2 uniquement)");
//echo "Clé de longueur incorrecte (puissance de 2 uniquement)<br />";
exit();
}
// Headers
header("Content-Type: application/octet-stream; ");
header("Content-Transfer-Encoding: binary");
header("Content-Length: " . filesize($file) ."; ");
header("filename=\"".$file."\"; ");
flush(); // this doesn't really matter.
// Opening the file in read-only
$fp = fopen($file, "r");
while (!feof($fp))
{
// Read a buffer size of the file
$buffer = fread($fp, $bufferlength);
$j=0;
for ($i=0; $i < $bufferlength; $i++) {
// The key is read in loop to crypt the whole file
if ($i%$keylength == 0) {
$j=0;
}
// Apply a xor operation between the key and the file to crypt
// This operation eats a lots of CPU time (Stream at 1MiB/s on my server; Intel E2180)
$tmp = pack("C", $key[$j]);
$bufferE = ( $buffer[$i]^$tmp); // <==== Le fameux XOR
/*
echo "<br />key[".$j."]: ";
var_dump($tmp);
echo "<br />buffer[".$i."]: ";
var_dump($buffer[$i]);
echo "<br />bufferE: ";
var_dump($bufferE);
echo "<br />";
//*/
// Send the encrypted data
echo $bufferE;
// Clean the memory
$bufferE = "";
$j++;
}
$buffer = "";
flush(); // this is essential for large downloads
/*
fclose($fp);
exit();
//*/
}
// Close the file and it's finished
fclose($fp);
?>
rbawaskar at gmail dot com
08-Mar-2009 07:17
08-Mar-2009 07:17
Found this script after much despair, should be useful to lot of people.
To submit a form using POST method through PHP, just add the data to be posted as header. This essentially saves one extra html page sent to the browser when user has to be redirected. Mostly found this technique useful for redirecting to payment gateways.
<?php
$host = "www.example.com";
$path = "/path/to/script.php";
$data = "data1=value1&data2=value2";
$data = urlencode($data);
header("POST $path HTTP/1.1\r\n" );
header("Host: $host\r\n" );
header("Content-type: application/x-www-form-urlencoded\r\n" );
header("Content-length: " . strlen($data) . "\r\n" );
header("Connection: close\r\n\r\n" );
header($data);
?>
info at vanylla dot it
11-Feb-2009 09:05
11-Feb-2009 09:05
WARNING:
In order to make Internet Explorer 6 (probably also 7) not to cache pages you should use only these headers:
header("Cache-Control: no-cache");
header("Expires: -1");
as suggested by Microsoft itself [source: http://support.microsoft.com/kb/234067]
if you add all the headers suggested in "Example #2 Caching directives" above:
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
IE browser goes on CACHING THE PAGE!!!
nullhility at gmail dot com
07-Feb-2009 01:15
07-Feb-2009 01:15
I ran into problems when trying to get php to use a transparent ErrorDocument redirect.
My document root .htaccess was set up to redirect select error codes to error.php which tests against $_SERVER['REDIRECT_STATUS'] and templates a document based on the status code.
I had hoped to raise a 404 after a mysql query turned up empty (fyi; before output had started) but page output continued "normally", ie incorrectly.
Because this was inside a template class I was able to manually change the template's include file and $_SERVER['REDIRECT_STATUS'] to output the desired result. I wasn't actually sure if header() worked or not because apache2 has already returned 200 OK after which any header change would only affect the browser, wouldn't it?
I have read about header() working with apache redirects before, is this still available with apache2? Here's some code just to explain the concept:
<?php
class page_template
{
$include_file;
//...
function getData ()
{
try {
//...
if ($result->num_rows == 0) {
throw new MysqlException("Empty result set");
}
//...
} catch (MysqlException $e) {
if ($e->getMessage() == "Empty result set") {
header("HTTP/1.0 404 Not Found");
header("Status: 404 Not Found");
//the below two lines fixed the issue for me
$_SERVER['REDIRECT_STATUS'] = 404;
$this->template_file = $_SERVER['DOCUMTENT_ROOT'].'error.php';
}
}
}
?>
eonrglez at gmail dot com
07-Jan-2009 11:11
07-Jan-2009 11:11
When you are trying to download a file using PHP it´s important to take into acount the definition of de Header element.
I have seen various examples where the people use a
<?php
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$filename."\";");
?>
however in adition to this is important add the definition of the cache because if you dont do it you will have problems with some navigators for example IE 7.0 under https protocol will show you a message saying that the file is not available.
here is a working example:
<?php
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false);
header ( "Content-Type: $filedatatype" );
header("Content-Disposition: attachment; filename=\"".$FileObj->name."\";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$filesize);
readfile($file);
exit;
?>
where $filedatatype is the data type of the file for example:
application/pdf
AllportPC
03-Jan-2009 02:30
03-Jan-2009 02:30
If using header in Safari, make sure you use complete pahge names. For example, we were using
<?php
header("Location: ?mng=" . $_GET['mng']);
?>
but it didnt work in Safari so we are using this
<?php
header("Location: index.php?mng=" . $_GET['mng']);
?>
bebertjean at yahoo dot fr
05-Dec-2008 02:46
05-Dec-2008 02:46
If using the 'header' function for the downloading of files, especially if you're passing the filename as a variable, remember to surround the filename with double quotes, otherwise you'll have problems in Firefox as soon as there's a space in the filename.
So instead of typing:
<?php
header("Content-Disposition: attachment; filename=" . basename($filename));
?>
you should type:
<?php
header("Content-Disposition: attachment; filename=\"" . basename($filename) . "\"");
?>
If you don't do this then when the user clicks on the link for a file named "Example file with spaces.txt", then Firefox's Save As dialog box will give it the name "Example", and it will have no extension.
See the page called "Filenames_with_spaces_are_truncated_upon_download" at
http://kb.mozillazine.org/ for more information. (Sorry, the site won't let me post such a long link...)
jamie
01-Dec-2008 04:57
01-Dec-2008 04:57
The encoding of a file is discovered by the Content-Type, either in the HTML meta tag or as part of the HTTP header. Thus, the server and browser does not need - nor expect - a Unicode file to begin with a BOM mark. BOMs can confuse *nix systems too. More info at http://unicode.org/faq/utf_bom.html#bom1
On another note: Safari can display CMYK images (at least the OS X version, because it uses the services of QuickTime)
mzheng[no-spam-thx] at ariba dot com
23-Oct-2008 05:50
23-Oct-2008 05:50
For large files (100+ MBs), I found that it is essential to flush the file content ASAP, otherwise the download dialog doesn't show until a long time or never.
<?php
header("Content-Disposition: attachment; filename=" . urlencode($file));
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Description: File Transfer");
header("Content-Length: " . filesize($file));
flush(); // this doesn't really matter.
$fp = fopen($file, "r");
while (!feof($fp))
{
echo fread($fp, 65536);
flush(); // this is essential for large downloads
}
fclose($fp);
?>
Pr Ahrn
23-Oct-2008 12:39
23-Oct-2008 12:39
Set a fast ETAG:
<?php
$fp = fopen($_SERVER["SCRIPT_FILENAME"], "r");
$etag = md5(serialize(fstat($fp)));
fclose($fp);
header('Etag: '.$etag);
?>
shutout2730 at yahoo dot com
22-Aug-2008 08:57
22-Aug-2008 08:57
It is important to note that headers are actually sent when the first byte is output to the browser. If you are replacing headers in your scripts, this means that the placement of echo/print statements and output buffers may actually impact which headers are sent. In the case of redirects, if you forget to terminate your script after sending the header, adding a buffer or sending a character may change which page your users are sent to.
This redirects to 2.html since the second header replaces the first.
<?php
header("location: 1.html");
header("location: 2.html"); //replaces 1.html
?>
This redirects to 1.html since the header is sent as soon as the echo happens. You also won't see any "headers already sent" errors because the browser follows the redirect before it can display the error.
<?php
header("location: 1.html");
echo "send data";
header("location: 2.html"); //1.html already sent
?>
Wrapping the previous example in an output buffer actually changes the behavior of the script! This is because headers aren't sent until the output buffer is flushed.
<?php
ob_start();
header("location: 1.html");
echo "send data";
header("location: 2.html"); //replaces 1.html
ob_end_flush(); //now the headers are sent
?>
sk89q
17-Aug-2008 08:41
17-Aug-2008 08:41
You can use HTTP's etags and last modified dates to ensure that you're not sending the browser data it already has cached.
<?php
$last_modified_time = filemtime($file);
$etag = md5_file($file);
header("Last-Modified: ".gmdate("D, d M Y H:i:s", $last_modified_time)." GMT");
header("Etag: $etag");
if (@strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) == $last_modified_time ||
trim($_SERVER['HTTP_IF_NONE_MATCH']) == $etag) {
header("HTTP/1.1 304 Not Modified");
exit;
}
?>
Orca8767
11-Jul-2008 03:35
11-Jul-2008 03:35
Note that if you don't want to go through the process of making sure that there is no output before you send a header, you can use
<?php
ob_start();
?>
at the beginning of your page.
This starts the output buffer, which allows you to send headers whenever you feel like it. Make sure that you put it at the BEGINNING, after the first php tag.
It allows you to do something like
<?php
ob_start();
echo 'foo';
header("Status: 404 Not Found");
echo 'bar';
?>
kc8yds at gmail dot com
08-Jul-2008 06:14
08-Jul-2008 06:14
if you use php to create custom error pages (such as header('HTTP/1.1 500 Internal Server Error');) Internet Explorer ignores you custom page unless it is at least 512 (or sometimes 1024 bytes)
IE ignores custom error pages that are less than 512 (or from what i've read 1024) bytes.
just place this before any output on your custom error page--- and be sure that your custom error page includes proper html tags (it must have a </body> for this specific example to work)
<?php
// set your custom error header --- example --- header('HTTP/1.1 503 Service Unavailable');
function padding($html){
return ($padding=1024-ob_get_length()) > 0 ? str_replace('</body>','<!--'. ($padding>8?str_repeat(' ',$padding-8) :null ).'-->'."\n".'</body>',$html) : $html;
}
ob_start('padding');
?>
and then place this somewhere within the html error page output
<!-- ---- -->
that will auto-adjust to pad the file to 1024 bytes to override the default Internet Explorer error pages.
Yasser Khan (MYKSP)
03-Jul-2008 05:34
03-Jul-2008 05:34
To get PHP to load a PDF (for example) from file, use the following code.
<?php
$filename = $_SERVER['DOCUMENT_ROOT'] . "/path/to/file/my_file.pdf";
header("Cache-Control: public");
header("Content-Description: File Transfer");
header('Content-disposition: attachment; filename='.basename($filename));
header("Content-Type: application/pdf");
header("Content-Transfer-Encoding: binary");
header('Content-Length: '. filesize($filename));
readfile($filename);
?>
stevenwebster at gmail dot com
27-May-2008 04:56
27-May-2008 04:56
These functions turn on SSL, and turn off SSL. The Redirect function is also good to use for all redirects... tries PHP, then Java, then HTML for redirects.
Here are the improved functions... had an error in the one I posted yesterday if you guys could please delete that one.
<?php
//This works in 5.2.3
//First function turns SSL on if it is off.
//Second function detects if SSL is on, if it is, turns it off.
//==== Redirect... Try PHP header redirect, then Java redirect, then try http redirect.:
function redirect($url){
if (!headers_sent()){ //If headers not sent yet... then do php redirect
header('Location: '.$url); exit;
}else{ //If headers are sent... do java redirect... if java disabled, do html redirect.
echo '<script type="text/javascript">';
echo 'window.location.href="'.$url.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$url.'" />';
echo '</noscript>'; exit;
}
}//==== End -- Redirect
//==== Turn on HTTPS - Detect if HTTPS, if not on, then turn on HTTPS:
function SSLon(){
if($_SERVER['HTTPS'] != 'on'){
$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
redirect($url);
}
}//==== End -- Turn On HTTPS
//==== Turn Off HTTPS -- Detect if HTTPS, if so, then turn off HTTPS:
function SSLoff(){
if($_SERVER['HTTPS'] == 'on'){
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
redirect($url);
}
}//==== End -- Turn Off HTTPS
?>
milin_mestry at yahoo dot com
23-May-2008 09:54
23-May-2008 09:54
Hi,
I was trying to save the '.xls' on user machine, which works correctly on
Firefox(developer friendly) but not on Microsoft's IE(Microsoft friendly);
after searching on the net, i found this code which works on both the browser.
Source link: http://www.webdeveloper.com/forum/archive/index.php/t-30248.html
here is the code:
-------------------------
<?php
// downloading a file
$filename = $_GET['path'];
// fix for IE catching or PHP bug issue
header("Pragma: public");
header("Expires: 0"); // set expiration time
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
// browser must download file from server instead of cache
// force download dialog
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
// use the Content-Disposition header to supply a recommended filename and
// force the browser to display the save dialog.
header("Content-Disposition: attachment; filename=".basename($filename).";");
/*
The Content-transfer-encoding header should be binary, since the file will be read
directly from the disk and the raw bytes passed to the downloading computer.
The Content-length header is useful to set for downloads. The browser will be able to
show a progress meter as a file downloads. The content-lenght can be determines by
filesize function returns the size of a file.
*/
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
@readfile($filename);
exit(0);
?>
kenaniah at bestphp dot net
15-May-2008 08:51
15-May-2008 08:51
If you are looking to send files such as PDFs or Excel spreadsheets or Microsoft Office documents and are having issues with IE7, IE6, or IE5.5 not being able to open/download the files over an SSL connection, but still need not allow caching, then set these two headers:
<?php
header("Cache-Control: maxage=1"); //In seconds
header("Pragma: public");
?>
Granted, this will cache your file for one second, but it's as close to an un-cached download as you can get when using IE over SSL.
Some basic info on the issue can be found here: http://support.microsoft.com/kb/812935
Patrick
08-May-2008 02:56
08-May-2008 02:56
If you come across cache error (when trying to cache your images or other files) like this:
[code=CACHE_FILL_OPEN_FILE] An internal error prevented the object from being sent to the client and cached. Try again later.
You may try sending Cache-Control: private header at the beginning to sort that out
header('Cache-Control: private');
cduke420 at gmail dot com
02-May-2008 08:33
02-May-2008 08:33
If you have Apache, you can setup your ErrorDocument to point
to a php file that instructs search engines to try again in 120 seconds.
This can be helpful when you are doing maintenance on the site.
Then in .htaccess
ErrorDocument 503 /cgi-bin/503.php
ErrorDocument 500 /cgi-bin/503.php
<?php
ob_start();
@header("HTTP/1.1 503 Service Temporarily Unavailable");
@header("Status: 503 Service Temporarily Unavailable");
@header("Retry-After: 120");
@header("Connection: Close");
?><!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Temporarily Unavailable</title>
</head><body>
<h1>Service Temporarily Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
</body></html><?php
$g=ob_get_clean();
echo $g;
exit;
exit();
?>
See:
http://askapache.com/htaccess/503-service-temporarily-unavailable.html
gilthans at nospam dot gmail dot com
21-Mar-2008 07:16
21-Mar-2008 07:16
I've been having trouble with a simple page that simply redirects the page elsewhere. Even the simple:
<?php
Header("Location: http://www.google.com/");
?>
Wouldn't work ("Warning: Headers already sent!").
After double checking for extra spaces, I found out that because I saved the file as a UTF-8 file, and the page wasn't loaded as a UTF-8 page, so some weird character was prepended to the page. After saving the file as a windows-1252 file it worked ok. Hope this someone some headaches.
blinki bill
12-Feb-2008 05:33
12-Feb-2008 05:33
if you are planing to make a download script like this one:
<?php
$mm_type="application/octet-stream";
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($fullpath)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary\n");
readfile($fullpath);
?>
you will notice that the zip files becomes invalid after download, thats because all files downloaded starts with empty line which is a problem for the zip files
This can be fixed with adding ob_start() at the beginning of the script and od_end_clean() just before the readfile()
henfiber at gmail dot com
04-Dec-2007 02:19
04-Dec-2007 02:19
Is there a serious problem with utf8 encoding?
Answer: no- utf8 with bom is a problem..
I spent about 10 hours trying every tip or fix suggested by users to fix the problem with " headers already sent ".
Finally I found the problem with a hex editor.
As it is previously mentioned header() should be the first statement. Moreover php opening and closing tags should be clean of spaces:
So something like this should work:
<?php
header('something ..');
?>
I had applied an authentication scheme to my pages using sessions. The encoding of my files was "utf-8". Though I
tried cleaning everything about spaces,tabs and other dirt through my code, I kept getting these " headers already sent errors..". The problem was in utf-8 encoding ( I don't mean the meta:http-equiv=" charset='utf-8' tag but the actual encoding of my file.) When I changed to ANSI everything worked. Actually the utf-8 encoding added three characters at the start of my file : ο»Ώ. This is called bom in utf-8. So if you are going to use utf-8 encodings to your pages and need to put php header code in these pages choose to save "utf8 without bom". (I hope your editor has such an option - I use notepad++ in win32 )
Hope it helps..
bholbrook at servillian dot com
07-Nov-2007 06:06
07-Nov-2007 06:06
The first element of the header (i.e. "Location") is case sensitive depending on the browser. In IE7, <?php header("location:http://www.url.com"); ?> does not work as expected whereas <?php header ("Location:http://www.ulr.com"); ?> does work as expected.
For a full list of headers and their values go here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
ik at dynamique dot nl
07-Nov-2007 03:52
07-Nov-2007 03:52
If you want your download script to work in Safari you'll have to print quotation marks around the filename:
header('Content-Disposition: attachment; filename="'.$fileName.'"');
,otherwise Safari will just save the file as 'scriptname.php'.
Aleks
07-Nov-2007 02:06
07-Nov-2007 02:06
I recently had a hair-threatening problem with Firefox and XHTML 1.0 transitional.
It worked fine with other browsers, and also with HTML 4.1.
To cut a long story short, PHP-generated JS and CSS files were still being reported by the headers as text/html, while in the HTML they were text/css and application/javascript; Firefox having been told the page was XHTML 1.0 became anal-retentive and refused to style the page. (I think the JS still worked but I fixed it anyway.)
Solution:
header('Content-type: text/css');
and
header('Content-type: application/javascript');
Dylan at WeDefy dot com
13-Oct-2007 05:17
13-Oct-2007 05:17
A quick way to make redirects permanent or temporary is to make use of the $http_response_code parameter in header().
<?php
// 301 Moved Permanently
header("Location: /foo.php",TRUE,301);
// 302 Found
header("Location: /foo.php",TRUE,302);
header("Location: /foo.php");
// 303 See Other
header("Location: /foo.php",TRUE,303);
// 307 Temporary Redirect
header("Location: /foo.php",TRUE,307);
?>
The HTTP status code changes the way browsers and robots handle redirects, so if you are using header(Location:) it's a good idea to set the status code at the same time. Browsers typically re-request a 307 page every time, cache a 302 page for the session, and cache a 301 page for longer, or even indefinitely. Search engines typically transfer "page rank" to the new location for 301 redirects, but not for 302, 303 or 307. If the status code is not specified, header('Location:') defaults to 302.
ryanhanekamp at yahoo dot com
11-Aug-2007 11:10
11-Aug-2007 11:10
I strongly recommend the "Live HTTP Headers" plugin for Firefox for any work when manually setting headers. (Find it in the addons section on mozilla.com) This allows you to see the headers your PHP script and server are sending, plus Firefox's request headers.
One important thing to note is a conflict with many of the scripts here, including in lasitha dot alawatta's Excel post just a few below me, is that sending multiple headers of the same type from your script does not actually cause multiple lines of output to the browser, at least for the version of PHP5 I'm running, and it's doubtful the browser would process any other than the last line anyhow.
So sending multiple "Pragma: " or "Cache-Control: " headers results in only the last one set in your script to actually be sent.
Also, it's already been pointed out, but setting "Cache-Control: Pre-Check=0, Post-Check=0" does absolutely nothing. I believe only MSIE even uses these values and it specifically IGNORES both of them when both are set to zero.
I've actually had more trouble trying to encourage caching than preventing it, because PHP sends "Cache-Control" and "Pragma" headers either always or at least always with sessions on (and I always have sessions on). The trick is to always send BOTH "Cache-Control" and "Pragma" because if they conflict it's completely up to the browser to resolve. And if you have a custom server in PHP like I'm working on right now, you'll need to sniff for $_SERVER['IF-MODIFIED-SINCE'] and serve up "HTTP/1.1 304 Not Modified" as appropriate.
If you are doing something like this and want to ensure caching of static files, the best way I found was to give an honest "Last-Modified", set an "Expires:" a reasonable time in the future (a few minutes through the year 2038, depending on what you're doing), set "Cache-Control" to "private" or "public", and stay away from "Max-Age".
Kal
29-Jul-2007 10:07
29-Jul-2007 10:07
I spent a long time trying to determine why Internet Explorer 7 wasn't prompting the user to save a download based on the filename specified on a "'Content-Disposition: attachment; filename=..." header line.
I eventually determined that my Apache installation was adding an additional header: "Vary: Host", which was throwing IE - as per http://support.microsoft.com/kb/824847
I found manually setting the Vary header from within PHP as follows header('Vary: User-Agent'); allowed IE to behave as intended.
Hope this saves someone else some time,
- Kal
lasitha dot alawatta at gmail dot com
29-Jul-2007 07:15
29-Jul-2007 07:15
Create MS-Excel file:
<?php
$export_file = "my_name.xls";
ob_end_clean();
ini_set('zlib.output_compression','Off');
header('Pragma: public');
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header('Last-Modified: '.gmdate('D, d M Y H:i:s') . ' GMT');
header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
header('Cache-Control: pre-check=0, post-check=0, max-age=0'); // HTTP/1.1
header ("Pragma: no-cache");
header("Expires: 0");
header('Content-Transfer-Encoding: none');
header('Content-Type: application/vnd.ms-excel;'); // This should work for IE & Opera
header("Content-type: application/x-msexcel"); // This should work for the rest
header('Content-Disposition: attachment; filename="'.basename($export_file).'"');
?>
jasper at jtey dot com
12-Jul-2007 04:30
12-Jul-2007 04:30
If you are finding that header() is not working for no obvious reason, make use of the headers_sent() function to drill down to the cause of the problem.
Consider the following scenario,
<?php
// Sign out
signOut();
// Redirect back to the main page
header("Location: http://mysite.com/mainpage");
?>
If for some reason, the header() call to redirect is not working, there won't be any error messages, making it difficult to debug. However, using headers_sent(), you may easily find the source of the problem.
<?php
// Sign out
signOut();
/*
* If headers were already sent for some reason,
* the upcoming call to header() will not work...
*/
if(headers_sent($file, $line)){
// ... where were the mysterious headers sent from?
echo "Headers were already sent in $file on line $line...";
}
// Redirect back to the main page
header("Location: http://mysite.com/mainpage");
?>
As the documentation states, "header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP." In the above debugging solution, you will find out exactly where any of these problematic output or blank lines exist. You should then be able to resolve the issues with much more ease than if you hunted for the problems aimlessly.
greg dot jones at senokian dot com
21-Jun-2007 06:16
21-Jun-2007 06:16
In case anyone else is having trouble:
using a web-server behind the pound load balancer, we found that trying to redirect to https://example.com for requests to http://example.com were getting into an infinite loop because pound, by default, 'fixes' changes of protocol for you. You want to set RewriteLocation to 0 to turn this behaviour off.
nobileelpirata at hotmail dot com
03-Jun-2007 12:04
03-Jun-2007 12:04
This is the Headers to force a browser to use fresh content (no caching) in HTTP/1.0 and HTTP/1.1:
<?PHP
header( 'Expires: Sat, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
?>
Jean-Pierre
27-May-2007 01:21
27-May-2007 01:21
You can use the Header command to force a browser to use fresh content (no caching).
However, this only works for the HTML code your code generates. When you have updated images for example (with the same filename) then there's a chance that these are still cached.
The easiest way to solve this problem I found is changing:
<?php
print "<img src='yourfile.jpg'>";
?>
into:
<?php
print "<img src='yourfile.jpg?".time()."'>";
?>
This adds an unique number to the url and wont hurt at all.
greg d0t pwpp 4t gmail d0t com
02-May-2007 10:53
02-May-2007 10:53
More on downloading files...
Here's a slight improvement to the method provided by Nick Sterling.
I tried this and it works great, but using fopen ran into memory limit problems.
By using readfile($filename), I solved this problem without having to change the ini settings.
readfile() reads a file and writes it to the output buffer.
Here's my version of the code:
<?php
$filename = "theDownloadedFileIsCalledThis.mp3";
$myFile = "/absolute/path/to/my/file.mp3";
$mm_type="application/octet-stream";
header("Cache-Control: public, must-revalidate");
header("Pragma: hack"); // WTF? oh well, it works...
header("Content-Type: " . $mm_type);
header("Content-Length: " .(string)(filesize($myFile)) );
header('Content-Disposition: attachment; filename="'.$filename.'"');
header("Content-Transfer-Encoding: binary\n");
readfile($myFile);
?>
Hayley Watson
28-Dec-2006 02:15
28-Dec-2006 02:15
As an alternative to using header('Content-Type: ****') on almost every page, the default Content-Type (and character set, too, if needed) can be set in php.ini under the "default_mimetype" and "default_charset" entries.
mailforlindsay at gmail dot com
15-Nov-2006 11:00
15-Nov-2006 11:00
Careful! This line of code cause IIS to crash on PHP 4.3.4 and maybe others.
<?php
header("location:/currentfile.php");
// forward slash causes crash
// currentfile.php is the exact basename of this file
?>
Learned this the hard way.
customizeit at pinstripe dot com
07-Nov-2006 06:43
07-Nov-2006 06:43
When messing with custom headers, it is extremely helpful to make sure that they are actually sent to the server. Nothing is more frustrating than discovering that some custom header was improperly formatted or not sent at all. There is an Internet Explorer add-in called ieHTTPHeaders that I've found to be immensely useful:
http://www.blunck.info/iehttpheaders.html
Firefox (and Mozilla) users can use an equivalent tool/plugin called LiveHTTPHeaders:
http://livehttpheaders.mozdev.org/
kamermans at teratechnologies dot net
12-Oct-2006 02:49
12-Oct-2006 02:49
If you are trying to send image data to a mobile phone from PHP, some models (Motorola RAZOR V3 on Cingular) for whatever reason require the "Last-Modified" header or they will not show the image.
<?php
ob_start();
// assuming you have image data in $imagedata
$length = strlen($imagedata);
header('Last-Modified: '.date('r'));
header('Accept-Ranges: bytes');
header('Content-Length: '.$length);
header('Content-Type: image/jpeg');
print($imagedata);
ob_end_flush();
?>
date('r') produces the date with the numeric timezone offset (-0400) versus Apache, which uses timezone names (GMT), but according to the HTTP/1.1 RFC, dates should be formatted by RFC 1123 (RFC 822) which states: "There is a strong trend towards the use of numeric timezone indicators, and implementations SHOULD use numeric timezones instead of timezone names. However, all implementations MUST accept either notation." (http://www.ietf.org/rfc/rfc1123.txt)
aooa83(a)dsldotpipexdotcom
19-Aug-2006 11:26
19-Aug-2006 11:26
apache_request_headers() is only available if PHP is running as an apache module. Various request header values are available in the $_SERVER array, for example:
$_SERVER["HTTP_IF_MODIFIED_SINCE"]
Gives the if modified date in "Sat, 12 Aug 2006 19:12:08 GMT" format.
hervard at gmail dot com
18-Apr-2006 08:53
18-Apr-2006 08:53
When using HTML forms, using the browser's back button will sometimes display a message regarding using cached data, and will ask you to refresh the page. This can be very disconcerting for some users, as they might not know whether to hit Refresh or not.
To force pages to always load the data that was entered in the form prior to hitting a submit button, and prevent the browser's cache message from displaying, use the following code:
<?php
// Original code found at http://www.mnot.net/cache_docs/
header("Cache-Control: must-revalidate");
$offset = 60 * 60 * 24 * -1;
$ExpStr = "Expires: " . gmdate("D, d M Y H:i:s", time() + $offset) . " GMT";
header($ExpStr);
?>
This will tell the browser that the page will expire in one day, and the cached form data will be used without prompting the user at all.
I have tested this in Internet Explorer 6, Firefox 1.5, and Opera 8.51, and it works as intended. I have tried other cache-control and expiry variants, but they either do not work, or do not work in every browser. This code appears to be a winner.
nick dot b at kingstransport dot com dot au
23-Mar-2006 03:57
23-Mar-2006 03:57
Constructing an absolute URL (for redirecting or other purposes) is full of pitfalls. As well as considering the notes at http://www.php.net/manual/en/function.header.php#63006 and http://www.php.net/manual/en/function.header.php#61746 you need to consider this issue, applicable if you use ProxyPass (in apache).
Example httpd.conf
...
ProxyPass /dir/ http: //10.1.1.1/dir/
...
Member of public ---> Unix/Apache server ---> IIS/PHP server
http: //nick.com/ nick.com myphpsvr.nick.com
dir/phpinfo.php 20.10.5.1 10.1.1.1
When your script is on the IIS/PHP server, browsing from member of public, you will have script variables
<?php
// browsing from member of public
$_SERVER['HTTP_HOST'] == '10.1.1.6';
$_SERVER['HTTP_X_FORWARDED_HOST'] == 'nick.com';
$_SERVER['SERVER_NAME'] == '10.1.1.6';
?>
However, if you browse internally (like, when testing, http: //myphpsrv.nick.com/dir/phpinfo.php), the variables turn out like this
<?php
// browsing from internal, direct
$_SERVER['HTTP_HOST'] == 'myphpsvr.nick.com';
$_SERVER['SERVER_NAME'] == 'myphpsvr.nick.com';
// no $_SERVER['HTTP_X_FORWARDED_HOST']
?>
The point is, you need to test $_SERVER['HTTP_X_FORWARDED_HOST'] and use that in preference to either $_SERVER['HTTP_HOST'] or $_SERVER['SERVER_NAME'].
Nick Bishop.
URL's have intentionally been broken up to stop them being clickable.
mandor at mandor dot net
15-Feb-2006 02:14
15-Feb-2006 02:14
When using PHP to output an image, it won't be cached by the client so if you don't want them to download the image each time they reload the page, you will need to emulate part of the HTTP protocol.
Here's how:
<?php
// Test image.
$fn = '/test/foo.png';
// Getting headers sent by the client.
$headers = apache_request_headers();
// Checking if the client is validating his cache and if it is current.
if (isset($headers['If-Modified-Since']) && (strtotime($headers['If-Modified-Since']) == filemtime($fn))) {
// Client's cache IS current, so we just respond '304 Not Modified'.
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($fn)).' GMT', true, 304);
} else {
// Image not cached or cache outdated, we respond '200 OK' and output the image.
header('Last-Modified: '.gmdate('D, d M Y H:i:s', filemtime($fn)).' GMT', true, 200);
header('Content-Length: '.filesize($fn));
header('Content-Type: image/png');
print file_get_contents($fn);
}
?>
That way foo.png will be properly cached by the client and you'll save bandwith. :)
denilson at vialink dot com dot br
12-Oct-2005 01:24
12-Oct-2005 01:24
If you want to enable caching of your page, you have two solutions: use Etag or use Last-Modified.
Someone has already posted here the code to use Etag. However, sometimes, it is easier (better) to use Last-Modified. The full code is here:
<?php
function get_http_mdate()
{
return gmdate("D, d M Y H:i:s",filemtime($SCRIPT_FILENAME))." GMT";
}
function check_modified_header()
{
// This function is based on code from http://ontosys.com/php/cache.html
$headers=apache_request_headers();
$if_modified_since=preg_replace('/;.*$/', '', $headers['If-Modified-Since']);
if(!$if_modified_since)
return;
$gmtime=get_http_mdate();
if ($if_modified_since == $gmtime) {
header("HTTP/1.1 304 Not Modified");
exit;
}
}
check_modified_header();
header("Last-Modified: ".get_http_mdate());
?>
The script checks if time from "If-Modified-Since" header is equal to current modified-time. If it is, a 304 code is returned, and PHP exits. If it is not, PHP continues normally.
You may want to change how "get_http_mdate()" function gets the time. You may want to get time from another file, or from somewhere else (like a date field on database).
aarondunlap.com
28-Dec-2004 11:17
28-Dec-2004 11:17
I just made a function to allow a file to force-download (for a script to disallow file links from untrusted sites -- preventing mp3/video leeching on forums), and I realized that a script like that could potentially be very dangerous.
Someone could possibly exploit the script to download sensitive files from your server, like your index.php or passwords.txt -- so I made this switch statement to both allow for many file types for a download script, and to prevent certain types from being accessed.
<?php
function dl_file($file){
//First, see if the file exists
if (!is_file($file)) { die("<b>404 File not found!</b>"); }
//Gather relevent info about file
$len = filesize($file);
$filename = basename($file);
$file_extension = strtolower(substr(strrchr($filename,"."),1));
//This will set the Content-Type to the appropriate setting for the file
switch( $file_extension ) {
case "pdf": $ctype="application/pdf"; break;
case "exe": $ctype="application/octet-stream"; break;
case "zip": $ctype="application/zip"; break;
case "doc": $ctype="application/msword"; break;
case "xls": $ctype="application/vnd.ms-excel"; break;
case "ppt": $ctype="application/vnd.ms-powerpoint"; break;
case "gif": $ctype="image/gif"; break;
case "png": $ctype="image/png"; break;
case "jpeg":
case "jpg": $ctype="image/jpg"; break;
case "mp3": $ctype="audio/mpeg"; break;
case "wav": $ctype="audio/x-wav"; break;
case "mpeg":
case "mpg":
case "mpe": $ctype="video/mpeg"; break;
case "mov": $ctype="video/quicktime"; break;
case "avi": $ctype="video/x-msvideo"; break;
//The following are for extensions that shouldn't be downloaded (sensitive stuff, like php files)
case "php":
case "htm":
case "html":
case "txt": die("<b>Cannot be used for ". $file_extension ." files!</b>"); break;
default: $ctype="application/force-download";
}
//Begin writing headers
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: public");
header("Content-Description: File Transfer");
//Use the switch-generated Content-Type
header("Content-Type: $ctype");
//Force the download
$header="Content-Disposition: attachment; filename=".$filename.";";
header($header );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".$len);
@readfile($file);
exit;
}
?>
This works in both IE and Firefox.
guvnor
25-Oct-2004 08:38
25-Oct-2004 08:38
One that tripped me up for a while...
When I use PHP sessions, the following headers are sent automatically to force the browser not to cache:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
If you are having trouble with inline PDFs etc., thses may be causing you problems. As per other notes here if you overwrite these headers before outputting your file, the download problems will go away.
header('Cache-Control:');
header('Pragma:');
If you wish to retain the dynamic content, only send the above if the document you are returning is not HTML.
Its well worth examining your own headers (call your PHP script from another script using get_headers() for instance) before going mad trying to fix something - better still compare the headers from your script with headers from a static web page - it might save you hours of time.
j dot gizmo at aon dot at
28-Sep-2004 11:09
28-Sep-2004 11:09
some browsers always reload stylesheets, javascripts and other seldomnly changing files, which causes nasty delays when loading a website (Safari on MacOS is an example)
to tell the browser to keep files in cache for at least a day, you can use
<?php
header('Expires: ' . gmdate('D, d M Y H:i:s', time()+24*60*60) . ' GMT');
?>
This has the nice sideeffect of telling other browser that never refresh pages to refresh them at least once a day.
PS: i figure this is trivial, but it cost me some headache
ondrew at quick dot cz
17-Sep-2004 02:19
17-Sep-2004 02:19
How to force browser to use already downloaded and cached file.
If you have images in DB, they will reload each time user views them. To prevent this, web server must identify each file with ID.
When sending a file, web server attaches ID of the file in header called ETag.
header("ETag: \"uniqueID\");
When requesting file, browser checks if the file was already downloaded. If cached file is found, server sends the ID with the file request to server.
Server checks if the IDs match and if they do, sends back
header("HTTP/1.1 304 Not Modified");
else
Server sends the file normally.
<?php
$file = getFileFromDB();
// generate unique ID
$hash = md5($file['contents']);
$headers = getallheaders();
// if Browser sent ID, we check if they match
if (ereg($hash, $headers['If-None-Match']))
{
header('HTTP/1.1 304 Not Modified');
}
else
{
header("ETag: \"{$hash}\"");
header("Accept-Ranges: bytes");
header("Content-Length: ".strlen($file['content']));
header("Content-Type: {$mime}");
header("Content-Disposition: inline; filename=\"{$file['filename']}\";");
echo $file['content'];
}
exit();
?>
pete at flifl dot com
20-Jul-2004 01:08
20-Jul-2004 01:08
Is Unicode, UTF-8 and setcookie, session_start at the same time impossible...?
Well, then you might need this...:
1) Keep your source files in ASCII to avoid the Byte Order Mark (BOM) confusion hell when include'ing or require'ing multiple files and avoid cookies not working because of the "header already sent" thing..
2) use this source:
-------->
<?php
header('Content-Type: text/html; charset=utf-8');
header('Set-Cookie: track=978268624934537');
?>
<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=utf-8" />
<--------
Output through Apache to the browser will be UTF-8 and does not require browser to get page twice and the cookie works.
Your Chinese or cyrillic characters will work and come on out right too, provided you make an input script to put them into mysql using this scheme too.
Seems to me to be the way to use utf-8 with cookies. I hope you like it.
Peter Sierst Nielsen
jp at webgraphe dot com
22-Nov-2003 12:56
22-Nov-2003 12:56
A call to session_write_close() before the statement
<?php
header("Location: URL");
exit();
?>
is recommended if you want to be sure the session is updated before proceeding to the redirection.
We encountered a situation where the script accessed by the redirection wasn't loading the session correctly because the precedent script hadn't the time to update it (we used a database handler).
JP.
manuzhai dot REMOVE dot THIS at php dot net
18-Nov-2003 12:00
18-Nov-2003 12:00
If you are using a redirect to an ErrorDocument, you may want to prefix your output with header("HTTP/1.0 200 OK"); to make sure automated clients don't think your file wasn't found.
emmett_the_spam at yahoo dot com
04-Nov-2003 02:17
04-Nov-2003 02:17
This is a heads-up not just for php, but for any method of creating a 302 redirect. Mac IE 5.1.4 (osx) has a serious bug when it comes to the 302.
Say you have a form post page A with action pointing to a submit page B, and the submit page B processes and sends a 302 redirect back to the form page A. All works fine with that part. Now hit refresh while on page A, and the last form POST is suddenly delivered to page A!
This can be a very confusing bug to deal with, depending on how your code handles incoming post data. It could also be potentially very dangerous in terms of data loss, if it occurs within database administration pages (where I ran into it). What you may want to do is plan your site so that the form page itself never needs to read POST data, and then ignore all POST data. Either that, or in the location url from your header function add a query argument such as "nopost=1" which, when present, indicates to your page A code to ignore the POST data.
I've tested with Firebird Mac/PC, and IE6 on PC, and those browsers do not exhibit this behaviour.
bMindful at fleetingiamge dot org
01-Jun-2003 12:08
01-Jun-2003 12:08
If you haven't used, HTTP Response 204 can be very convenient. 204 tells the server to immediately termiante this request. This is helpful if you want a javascript (or similar) client-side function to execute a server-side function without refreshing or changing the current webpage. Great for updating database, setting global variables, etc.
header("status: 204"); (or the other call)
header("HTTP/1.0 204 No Response");
dadarden_nospamola at iti2 dot nospamola dot net
20-Jul-2002 02:38
20-Jul-2002 02:38
If you use session_start() at the top of a php script that also has header() calls later in the script for a file download then you must add some form of cache control for IE to work properly. I use header('Cache-Control: public'); immediately after the code at the top of the script with the session_start() call that verifies that I have a properly logged in user. That allows the header() and fpassthru() calls to download a file later in the script using IE 5.5 SP2.