PHP/JavaScript - Browser Details/Security and more

[safernetworks]

This is a clearly overworked issue from my previous post in how to obtain screen/window/document
width and height in JavaScript for passing to PHP by cookie.

I have since revised the whole code again as it was having a major bug in the loading
of the first page and for some obscure reason, it never seemed to reload as it should.

I have also added three more elements to the context of this code.

Please read below for all updates, revisions and included functionality.


The code consists of four (4) pages in total, whereof the index.php file is a sample on how you can use the other three.

The required lines for this to function are found in lines

1-3, 5, 7 , 16-18 of the index file. (8 lines in total)

The rest in the index are fillers to explain the document details and functions.

It is Imperative that you include the lines in their proper place,

1-3 before the header of the document.
5 and 7 are part of the head and body tag.
16-18 at any place after issuing the OnLoad in the body tag

--------------------

index.php contents
================

PHP Code:

<?php
 require_once "whlib.php";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><script type="text/javascript" src="whcookie.js"></script>
<title>Width &amp; Height JS-Cookie to PHP</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head><body onload='WHCOOKIE()'>
<?php
/*
This change to the function solves two issues!
A) You dont need to reload the page before using it on the index page of a web site.
B) You can determin immediately, at the position marked //~~// if this user is new to the index!
*/

    if ($_SESSION['AGT']['W']==""){ //if this is not set to proper expected value
  //      SetReloadPoint();        //insert javascript refresh here...
    FirstLoadWH();
    }

    //use the cookie
    echo "Width    : ".$_SESSION['AGT']['W']."<br/>\n";
    echo "Height   : ".$_SESSION['AGT']['H']."<br/>\n";
    echo "User Agent  : ".$_SESSION['AGT']['UAGT']."<br/>\n";
    echo "Remote IP: ".$_SESSION['AGT']['RIP']."<br/>\n";
    echo "Agent type: ".$_SESSION['AGT']['AGTTYP']."<br/>\n";
    if ($_SESSION['AGT']['PS']==1){
        echo "Sneaky, Swapping Proxy IP on us, are we?<br/>\n";
    }else{
        echo "You are not appearing to be swapping Proxy IP on us!<br/>\n";
    }
?>
</body></html>

whlib.php contents
================

PHP Code:

<?php
require_once "uagt.php";
if (session_id() == "") session_start(); // MUST BE FIRST THING WE DO!!!
$sid = session_id();
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 00:00:00 GMT"); // Date in the past
$SAGT = explode(";",$_COOKIE["WHVAL"]);

    if ($SAGT[0]!=""){
    //proxy surfer check
    //This is only done AFTER first reaceiving a cookie and setting the IP the first time.
    //provided we have received an IP at all.
    $pschk = $_SESSION['AGT']['RIP'];
    if (($pschk != $_SERVER['REMOTE_ADDR']) AND ($pschk != "")){
        $_SESSION['AGT']['PS'] = 1;
    }else{
        $_SESSION['AGT']['PS'] = 0;
    }

        $_SESSION['AGT']['W'] = $SAGT[0];
        $_SESSION['AGT']['H'] = $SAGT[1];
        $_SESSION['AGT']['RIP'] = $_SERVER['REMOTE_ADDR'];
        GetAgentInfo(); //sets the values for...
/*
        $_SESSION['AGT']['UAGT']
        $_SESSION['AGT']['AGTTYP']
*/
    }


/*==============================================================================
Is loaded the first time, as a simple replacement, pulling the users
Screen Width and Height rather than inner browser size.
On the second load of the page, the cookie will be used,
thereby rectifying any issues. at least you have a base value of the users
screen capacity for the website layout options to be set.
==============================================================================*/
function FirstLoadWH(){
  if ($_SESSION['AGT'][0]!=''){
    exit(); //dont do this again as it is set in cookie and read...
  }else{
    if (isset($_GET['W']) AND isset($_GET['H'])) {
        // output the geometry variables
        $_SESSION['AGT']['W'] = $_GET['W'];
        $_SESSION['AGT']['H'] = $_GET['H'];
        $_SESSION['AGT']['RIP'] = $_SERVER['REMOTE_ADDR'];
        GetAgentInfo(); //sets the values for...
/*
        $_SESSION['AGT']['UAGT']
        $_SESSION['AGT']['AGTTYP']
*/
    } else {
        // pass the geometry variables
        // (preserve the original query string
        //   -- post variables will need to handled differently)
        echo "<script language='javascript'>\n";
        echo "  location.href=\"${_SERVER['SCRIPT_NAME']}?${_SERVER['QUERY_STRING']}"
             . "&W=\" + screen.width + \"&H=\" + screen.height;\n";
        echo "</script>\n";
    die();
    }
  }
}

//deprecated functions ommitted from this explanation
?>

whcookie.js contents
================

PHP Code:

<!-- //
function WHCOOKIE(){
  var myWidth = 0, myHeight = 0;
  if( typeof( window.innerWidth ) == 'number' ) {
    //Non-IE
    myWidth = window.innerWidth;
    myHeight = window.innerHeight;
  } else if( document.documentElement && ( document.documentElement.clientWidth || document.documentElement.clientHeight ) ) {
    //IE 6+ in 'standards compliant mode'
    myWidth = document.documentElement.clientWidth;
    myHeight = document.documentElement.clientHeight;
  } else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
    //IE 4 compatible
    myWidth = document.body.clientWidth;
    myHeight = document.body.clientHeight;
  }
var c_name = "WHVAL";
var WH = myWidth+";"+myHeight;
var expiredays = 1;
var exdate=new Date();
exdate.setDate(exdate.getDate()+expiredays);
document.cookie=c_name+ "=" +escape(WH)+
((expiredays==null) ? "" : ";expires="+exdate.toGMTString());
}
// --> 


uagt.php contents
================

This file is specified as an array checker.
You must download the source to get this, as I will not post a list of 200+ array elements here for the explanation only.

For an example of this script in action or to download the source files, please visit Width & Height JS-Cookie to PHP

Changes made from previous post.
Bug Issue/Quirky Behaviours and some last minute fixes!

1) the session variable has changed name, and instead of using numericals, the sub array is now associative to simplify new users adding this thing to their script.

The new name is $_SESSION['AGT']['????'] where ??? is the associate array name specified for each element.

2) When first loading the script, we have to pass a check back by POST to retrieve the screen width and height on first load.

This is done to compensate for the fact the reload function does not seem to properly function. It either goes in and does nothing or it places itself in a constant recurring loop.

3) When the loading is completed, it will then continue to pull the screen size from the cookie and update a session variable named WH continuosly.

$_SESSION['AGT']['W'] is the Inner Width (or Screen Width * see above)
$_SESSION['AGT']['H'] is the Inner Height (or Screen Height * see above)
$_SESSION['AGT']['UAGT'] is the user Agent beautified name
$_SESSION['AGT']['RIP'] is the visitors remote address (IP number)
$_SESSION['AGT']['AGTTYP'] is a control value indicating the type of browser agent used, if known.
$_SESSION['AGT']['PS'] Is a risk managemet addition.

In the event a user is surfing your domain and suddenly their IP number change but not their session ID, then it is a high likelyhood they are surfing through a proxy channel such as Vidalia. To prevent them using download managers or bypass limitations, you can use this value to check that their IP suddenly doesn't change between requests.

If PS value = 1, then it is suspect. Otherwise the PS value is 0 (zero).

4) To accomodate for the type of agent used, say for instance you dont wish to allow browser bots or e-mail users, or perhaps e-mail sniffers, you can verify the contents in WH[4]. To enable this, I added the file uagt.php to the script.