rickphp Posted June 21, 2012 Share Posted June 21, 2012 Hi, Just looking for some help. The code is part of a mobile redirection script, to redirect certain user agents to a mobile page. The GETs are being used to allow mobile users to override the mobile redirection so they can view the desktop site on their mobile by setting a session that disables the redirection. I have the following code, which works however I have some niggles/concern. 1) Could the script be used to inject code onto my site, as there is no sanitising on the GET funcitons. 2) When using the GET function, sometimes ?goclient=true / ?gohome=true is appended to the url even though it has redirected them to the correct page. 3) There are two different links to the normal desktop site, one to the home page, and another that goes straight to the client login page. Is it a problem using the same session name? 4) Can I put the 'if ( $_GET['gohome'] != 'true' ) and if ( $_GET['goclient'] != 'true' ) into one statement, as i did them seperately. 5) Is there a way to tidy up the code? At the moment the if statements are seperate out, perhaps it can be coded more efficiently? Obviously this isn't the full code, and the list of vars has been shortened to iphone and ipod - really there are over 30 vars. Any help is greatly appreciated! // redirect to mobile site because session doesnt exist if ( $_GET['gohome'] != 'true' ) { if ($iphone || $ipod) { if (!isset($_SESSION['moboverride'])) { header('Location: http://www.site.com/mobile/'); } } } // redirect to mobile site because session doesnt exist if ( $_GET['goclient'] != 'true' ) { if ($iphone || $ipod) { if (!isset($_SESSION['moboverride'])) { header('Location: http://www.site.com/mobile/'); } } } // redirection override session exists and url contains ?goclient=true, so redirect to client login page, dont redirect to mobile if ( $_GET['goclient'] == 'true' ) { if ($iphone || $ipod) { if (!isset($_SESSION['moboverride'])) { $_SESSION['moboverride'] = true; header('Location: http://www.site.com/clientarea.php'); } } } // redirection override session exists and url contains ?gohome=true, so redirect to normal home page, dont redirect to mobile if ( $_GET['gohome'] == 'true' ) { if ($iphone || $ipod) { if (!isset($_SESSION['moboverride'])) { $_SESSION['moboverride'] = true; header('Location: http://www.site.com/'); } } } Link to comment https://forums.phpfreaks.com/topic/264539-help-with-get-set-session-to-override-mobile-redirection/ Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.