Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8
  1. #1
    Regular Coder
    Join Date
    Jan 2006
    Posts
    199
    Thanks
    30
    Thanked 0 Times in 0 Posts

    Detect Real User Agent

    Is there anyway to detect the real user agent using PHP? Not just read the header information using $_SERVER['http_user_agent'] since a lot of bots can fake that information, but is there a way to get past that and find the real user agent?

  • #2
    Junsee
    Guest
    you're going about this the wrong way, detect if an agent is being spoofed first
    then detect the user agent

    But I would use almight Google for this one...
    http://www.strictly-software.com/BrowserObject.asp

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Not with PHP there isn't. PHP is only told what apache is told. If the user doesn't want to give the agent to apache, then it will provide nothing to your PHP script. If they give a faux agent, that's what you get.
    A fairly large chunk of $_SERVER variables are deemed to be unreliable. This includes HTTP_USER_AGENT. Program under the explicit assumption that they are no good, and useful only for helping to assert a uniqueness, and not under any specific type of control attached to it.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 

  • Users who have thanked Fou-Lu for this post:

    Remix919 (05-28-2013)

  • #4
    Master Coder felgall's Avatar
    Join Date
    Sep 2005
    Location
    Sydney, Australia
    Posts
    6,640
    Thanks
    0
    Thanked 649 Times in 639 Posts
    It is called a user agent because it can be set to anything by the user. There is no such shing as a spoofed user agent - it can contain anything at all depending on how the user wants to identify their browser.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.

  • #5
    Regular Coder
    Join Date
    Jan 2006
    Posts
    199
    Thanks
    30
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Junsee View Post
    you're going about this the wrong way, detect if an agent is being spoofed first
    then detect the user agent

    But I would use almight Google for this one...
    http://www.strictly-software.com/BrowserObject.asp
    I'm still able to spoof the information shown on that site.

  • #6
    Regular Coder
    Join Date
    Jan 2006
    Posts
    199
    Thanks
    30
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Fou-Lu View Post
    Not with PHP there isn't. PHP is only told what apache is told. If the user doesn't want to give the agent to apache, then it will provide nothing to your PHP script. If they give a faux agent, that's what you get.
    A fairly large chunk of $_SERVER variables are deemed to be unreliable. This includes HTTP_USER_AGENT. Program under the explicit assumption that they are no good, and useful only for helping to assert a uniqueness, and not under any specific type of control attached to it.
    Is there a way to find the real user agent using another scripting or if not find the user agent, find out if the user is using a spoof?

  • #7
    Junsee
    Guest
    Quote Originally Posted by Remix919 View Post
    I'm still able to spoof the information shown on that site.
    yeah its not good, personally I don't see the point, its never full proof, and involves a more effort than reward.


    oh ... and this is really javascript domain.

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,327
    Thanks
    60
    Thanked 525 Times in 512 Posts
    Blog Entries
    4
    Quote Originally Posted by Remix919 View Post
    Is there a way to find the real user agent using another scripting or if not find the user agent, find out if the user is using a spoof?
    No not really. Don't forget many browsers like the mozilla range allow the user to edit this anyway in about:config thus allowing the user to change PERMANENTLY what the browser sends to every website. The browser will never override that either. Spoofing doesn't exist with web browsers, it's down to the user how to identify what browser they use - if they even want to send that to you.

    PHP / javascript will also not allow you access to the users registry so ultimately there is no way to detect what they are using.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •