• ****
  • 267
osDate Permission Denied
« on: February 22, 2013, 10:16:27 PM »
OsDate has a simple system for allowing only registered, logged-in users view certain pages.  These pages (like userpicgallery.php for instance)  simply include the file "sessioninc.php" right after setting up the session.  Sessioninc.php checks to see whether the user is a registered, logged-in user, and if not, redirects the user to the login page.

This is not the correct behavior in the eyes of search engines, even though it works fine for users.  You'll notice this because in your google webmaster tools console, all the pages that get directed to login will actually appear to be duplicates of the login page.  You should also be sending back a 403 "Permission Denied" in the header, and also instead of redirecting, you should simply display a login link.

change in sessioninc.php

Code: [Select]
if( (isset($_SESSION['UserId']) && $_SESSION['UserId'] == '') || !isset($_SESSION['UserId']) ) {

header($_SERVER["SERVER_PROTOCOL"]." 403 Permission Denied");

if (
$_GET['errid'] != '') {
$t->assign('login_error'get_lang('errormsgs',$_GET['errid']) );
$_GET['errid_message'] = urlencode(get_lang('errormsgs',$_GET['errid']));
} else {
$t->assign('login_error'"Requested Page Is Viewable Only to Site Members" );

$t->assign('rendered_page'$t->fetch('login.tpl') );
$lang['DATE_FORMAT'] = get_lang('DATE_FORMAT');
$t->display'index.tpl'$config['skin_name'] );
exit (
0) ;
osdate 2.5.4
Flashchat 4.7
php 5.2.7