In progress.


Various improvements to site flow and provision of information, with particular emphasis on error pages, the login cycle and HTTP headers information.

Style guidelines

Access checking

Check for access in this order:

  1. check if feature is enabled
  2. (if anonymous access is not permitted) check isset($user)
  3. check permissions

Rationale: No point in telling a user they aren't logged in, only to then tell them that the feature is disabled when they try again after they are logged in. isset($user) can be thought of as a generic permission - we check more generic (catch-all) permissions first, working towards the more specific ones for optimisation purposes.


$errortype - not set (default) or 404 for a "not found" error page
$errortitle - the title to use at the top of the error box in the centre column
$headtitle - (part of) the title to use in the browsers' title bar.



  • provide alternative layouts for error pages, search pages (committed), modules and login pages
  • check every use of location, referer and error.tpl
  • provide login box redirection for !$user
  • try harder to find the right document or part of site on invalid URL / HTTP 404
  • no-cache for installer and other temporary pages
  • 404 headers for installed





Feel free to add to this document, post comments or send me/us private messages.

Page last modified on Saturday 12 February 2005 00:45:26 GMT-0000

Upcoming Events

No records to display