Reply to comment

osDate Permission Denied Behavior

Sun, 08/16/2009 - 08:14 - peter | |

OsDate has a simple system for allowing only registered, logged-in users view certain pages.  These pages (like userpicgallery.php for instance)  simply include the file "sessioninc.php" right after setting up the session.  Sessioninc.php checks to see whether the user is a registered, logged-in user, and if not, redirects the user to the login page.

This is not the correct behavior in the eyes of search engines, even though it works fine for users.  You'll notice this because in your google webmaster tools console, all the pages that get directed to login will actually appear to be duplicates of the login page.  You should also be sending back a 403 "Permission Denied" in the header, and also instead of redirecting, you should simply display a login link.

Here's my sessioninc.php file that I use instead of the distributed version:


if( (isset($_SESSION['UserId']) && $_SESSION['UserId'] == '') || !isset($_SESSION['UserId']) ) {

header($_SERVER["SERVER_PROTOCOL"]." 403 Permission Denied");

if ($_GET['errid'] != '') {
$t->assign('login_error', get_lang('errormsgs',$_GET['errid']) );
$_GET['errid_message'] = urlencode(get_lang('errormsgs',$_GET['errid']));
} else {
$t->assign('login_error', "Requested Page Is Viewable Only to Site Members" );

$t->assign('rendered_page', $t->fetch('login.tpl') );
$lang['DATE_FORMAT'] = get_lang('DATE_FORMAT');
$t->assign('lang', $lang);
$t->display( 'index.tpl', $config['skin_name'] );
exit (0) ;


The content of this field is kept private and will not be shown publicly.
This question is for clevery testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.