Unauthorized Users: show them a nice looking page

kaeserea

Hello!

To protect my pages from users who shouldn't see them, I defined a NT group (I use PHP on a IIS under Windows NT 4), that contains all users who are allowed to access my site. I gave "Read" permissions to this group on the folder which contains all php pages. (And the permission is inherited by all php pages.)

It all works great for users who are in the NT group. A user who is not in the group will see different things depending on which URL he uses.

If he uses the URL "http://www.myserver.com/mysite/"
a login window appears. If the user then says "Cancel" the browser gives a standard message "unauthorized" - which isn't really nice. I would like to have the browser show a page I created for this case. Does anybody know how to do this? (not create the page but make the browser show the page.)

If the user uses the URL "http://www.myserver.com/mysite/index.php?AnwId=1"
again a standard output of the browser is shown:
"CGI Error: The specified CGI application misbehaved by not returning a complete set of HTTP headers. The headers it did return are:"
Again I would like to show the user another nice page I created. How can I do this?

Thanx for any help!
Eva

Weedpacket

Right now I'm not bothering to look up and see what return code applies to the "Unauthorised" response - 401 or 403. You can configure your server to use any page you specify when delivering that response, instead of using the standard pages that ship with the server. Haven't used IIS for months now so can't give you all the clicks and menus to find that bit.

kaeserea

Hi Weedpacket.

I'll try that. Probably I will try to make the page desice what to show depending on from which web page the user comes.

Do you know how to solve the other problem - where the CGI Error occurs? Seems that the CGI Error only occurs when the user uses the URL with a concrete page name and not when he uses the URL that end with the folder name.

Eva

Weedpacket

Originally posted by kaeserea
Do you know how to solve the other problem - where the CGI Error occurs?

That's the server saying that PHP couldn't find the script it's asked for. PHP starts up, looks for the file, doesn't find anything and shuts down. The server sees this as a CGI error and reports it as such.

kaeserea

Hi Weedpacket,

that's strange because the script is there. And the error only occurs when a user is not in the NT group that has permissions to read the file.

So the solution would be again to define a page that the server standardly returns when such an error occurs... Or do you see another way to solve this?

Eva

Codewarrior123

that's strange because the script is there. And the error only occurs when a user is not in the NT group that has permissions to read the file.

That's probably not too strange. If you don't have permission to read the file, how is PHP expected to open and run it?

I'm not sure how the system works on IIS, but from what you've described it seems like the PHP executable runs with the user's credentials, or some amalgam.