Hi,

Just looking for some help.

The code is part of a mobile redirection script, to redirect certain user agents to a mobile page.

The GETs are being used to allow mobile users to override the mobile redirection so they can view the desktop site on their mobile by setting a session that disables the redirection.

I have the following code, which works; however, I have some niggles/concerns.

1) Could the script be used to inject code onto my site, as there is no sanitising on the GET functions?

2) When using the GET function, sometimes ?goclient=true / ?gohome=true is appended to the url even though it has redirected them to the correct page.

3) There are two different links to the normal desktop site, one to the home page, and another that goes straight to the client login page.

Is it a problem using the same session name?

4) Can I put the if ( $_GET['gohome'] != 'true' ) and if ( $_GET['goclient'] != 'true' ) into one statement, as I did them separately?

5) Is there a way to tidy up the code? At the moment the if statements are separated out; perhaps it can be coded more efficiently?

Obviously this isn't the full code, and the list of vars has been shortened to iphone and ipod - really there are over 30 vars.

Any help is greatly appreciated!

// redirect to mobile site because session doesn't exist
if ( $_GET['gohome'] != 'true' ) {
  if ($iphone || $ipod) {
    if (!isset($_SESSION['moboverride'])) {
      header('Location: http://www.site.com/mobile/');
    }
  }
}

// redirect to mobile site because session doesn't exist
if ( $_GET['goclient'] != 'true' ) {
  if ($iphone || $ipod) {
    if (!isset($_SESSION['moboverride'])) {
      header('Location: http://www.site.com/mobile/');
    }
  }
}

// url contains ?goclient=true and the override session is not set yet: set it and redirect to client login page, don't redirect to mobile
if ( $_GET['goclient'] == 'true' ) {
  if ($iphone || $ipod) {
    if (!isset($_SESSION['moboverride'])) {
      $_SESSION['moboverride'] = true;
      header('Location: http://www.site.com/clientarea.php');
    }
  }
}

// url contains ?gohome=true and the override session is not set yet: set it and redirect to normal home page, don't redirect to mobile
if ( $_GET['gohome'] == 'true' ) {
  if ($iphone || $ipod) {
    if (!isset($_SESSION['moboverride'])) {
      $_SESSION['moboverride'] = true;
      header('Location: http://www.site.com/');
    }
  }
}
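
Added example, not part of the original post: one way to fold the four blocks above into a single decision function that only compares the GET values against a literal and redirects to fixed URLs. The names decideRedirect, TARGETS and MOBILE_URL and the user-agent check are assumptions; unlike the posted code, it also redirects to the clean URL when the override session is already set.

```php
<?php
// Added example; decideRedirect, TARGETS and MOBILE_URL are hypothetical names.
// The site.com URLs and the 'moboverride' session key are taken from the post.
const MOBILE_URL = 'http://www.site.com/mobile/';
// Allowlist: override parameter => fixed desktop destination.
const TARGETS = [
    'gohome'   => 'http://www.site.com/',
    'goclient' => 'http://www.site.com/clientarea.php',
];
// Returns the URL to redirect to, or null. Request values are only compared
// with the literal 'true'; they are never copied into the Location header.
function decideRedirect(bool $isMobile, array $query, array &$session): ?string
{
    if (!$isMobile) {
        return null; // desktop browsers are never redirected
    }
    foreach (TARGETS as $param => $url) {
        // ?? '' avoids an undefined-index notice; === rejects arrays (?gohome[]=true)
        if (($query[$param] ?? '') === 'true') {
            $session['moboverride'] = true;
            return $url; // fixed URL, so ?gohome=true is not carried over
        }
    }
    return isset($session['moboverride']) ? null : MOBILE_URL;
}
if (PHP_SAPI === 'cli') { // constructed sample requests, one per branch
    $session = [];
    $cases = [
        ['mobile, first visit', true, []],
        ['mobile, ?gohome[]=true', true, ['gohome' => ['true']]],
        ['mobile, ?goclient=true', true, ['goclient' => 'true']],
        ['mobile, override set', true, []],
        ['desktop', false, []],
    ];
    foreach ($cases as [$label, $mobile, $query]) {
        $to = decideRedirect($mobile, $query, $session) ?? '(no redirect)';
        printf("%-24s => %s\n", $label, $to);
    }
    exit;
}

session_start();
// Assumption: stands in for the post's $iphone / $ipod flags, which are not shown.
$isMobile = (bool) preg_match('/iPhone|iPod/i', $_SERVER['HTTP_USER_AGENT'] ?? '');
$target = decideRedirect($isMobile, $_GET, $_SESSION);
if ($target !== null) {
    header('Location: ' . $target);
    exit; // stop here so no later code runs or sends another header
}
```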
