Page 1 of 1
Block user agents from an array()
Posted: Sat Feb 04, 2006 4:14 am
by WaldoMonster
This is working:
Code: Select all
$block_user_agent = array('Mozilla/', 'Opera/', 'Wget/');
$block = false;
foreach($block_user_agent as $agent)
if (substr($_SERVER['HTTP_USER_AGENT'], 0, strlen($agent)) == $agent) $block = true;
Can this be done without a loop, with something similar like in_array() ?
Posted: Sat Feb 04, 2006 4:51 am
by feyd
array_search()
however, you will have to extract out the whatever/ from the source string first. Which can be done via regex, or a clever
strpos()-
substr() combo
Posted: Sat Feb 04, 2006 5:43 am
by WaldoMonster
Thanks feyd,
This is the code so far:
Code: Select all
$agent = $_SERVER['HTTP_USER_AGENT'];
$agent = substr($agent, 0, strpos($agent, '/'));
$block_user_agent = array('Mozilla', 'Opera', 'Wget');
$blocked = false;
if (is_numeric(array_search($agent, $block_user_agent)))) $blocked = true;
I will do some speed compersion between regex and the strpos() substr() combo.
Posted: Sat Feb 04, 2006 11:31 am
by hawleyjr
Don't trust user agents, they can easily be modified by the user...
Posted: Sat Feb 04, 2006 1:44 pm
by AKA Panama Jack
hawleyjr wrote:Don't trust user agents, they can easily be modified by the user...
That's definately true.
If you want to really be secure you need to add 'IE/' to that list.

Posted: Sat Feb 04, 2006 4:53 pm
by WaldoMonster
hawleyjr wrote:Don't trust user agents, they can easily be modified by the user...
I want to make a very basic protection for users that can stream music don't can download the music.
I know that there are ways to get around this simple protection.
If I absolutely want to be sure they can't download, I don't must give them streaming rights in the first place.
This is the authentication I use for streaming.
The $session['user_agent'] is the user agent from the browser witch have logged in.
Code: Select all
$agent = $_SERVER['HTTP_USER_AGENT'];
$agent = substr($agent, 0, strpos($agent, '/'));
if ($session['logged_in'] &&
$session['idle_time'] + $cfg['authenticate_expire'] > time() &&
$session['ip'] == $_SERVER['REMOTE_ADDR'] &&
$session['user_agent'] != $_SERVER['HTTP_USER_AGENT'] &&
is_numeric(array_search($agent, array('Mozilla', 'Opera', 'voyager', 'Wget', 'curl', 'Java'))) == false &&
$users['access_stream'])
{
// Start streaming
}
else
{
header('Status: 403 Forbidden');
header('HTTP/1.0 403 Forbidden');
header('HTTP/1.1 403 Forbidden');
exit('403 Forbidden');
}
Any improvement for this code is welcome

Posted: Sat Feb 04, 2006 4:58 pm
by WaldoMonster
AKA Panama Jack wrote:If you want to really be secure you need to add 'IE/' to that list.

I haven't found any user agent that starts with IE/ so far.
But I found some user agents that end with IE/ like:
Code: Select all
Mozilla/5.0 (Windows; U; Windows NT 5.1; us-EN; rv:1.7.12) Gecko/20050919 IE/7
Here I found a very long list with Browser user agents:
http://www.zytrax.com/tech/web/browser_ids.htm
Posted: Sat Feb 04, 2006 5:05 pm
by AKA Panama Jack
Panama Jack watches with bemusement as the joke flies right by WaldoMonster's head.

Posted: Sat Feb 04, 2006 5:53 pm
by WaldoMonster
AKA Panama Jack wrote:Panama Jack watches with bemusement as the joke flies right by WaldoMonster's head.

Ooooooo yes

I take a sleep, and don't be to series tomorrow
