homepage Welcome to WebmasterWorld Guest from 50.16.112.199
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
PHP and time
rhodopsin

10+ Year Member



 
Msg#: 5685 posted 12:58 pm on Nov 11, 2004 (gmt 0)

What I hope to do is find the time zone of my visitor. I want to find this out from the time zone setting on their computer (not by inference using IP based geolocation etc..). Now I know that this can be done in javascript:

<SCRIPT Language="JavaScript">
var curDateTime = new Date()
document.write("GMT Offset for your time zone is ")
document.write(-(curDateTime.getTimezoneOffset()/60))
</SCRIPT>

It returns for me:
GMT Offset for your time zone is 0

Now the above code is not exactly what I want to do - I actually want to do a redirect based on time zone of visitor - but the above code has the principles I would use.

I do not want the visitor to know that they are being redirected on the basis of time zone. Using javascript - they can see my code. So, I wish to use PHP - then they cannot see my code. But can anyone tell me how I can get hold of the time zone of the visitor in PHP?

Note that I am willing to comprimise - if I cannot get the time zone of the visitor - I would be happy getting the date and time on their computer. Is there any way to do this in PHP?

If PHP is out of the question - is there anyway that I could use server side javascript, perhaps in accordance with PHP, to do this? Such that the javascript code was hidden from the visitor if they ever went looking

If I can do this in PHP - am I right to assume that PHP code is safe from visitors being able to see it? Unlike Javascript.

 

mincklerstraat

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 5685 posted 1:53 pm on Nov 11, 2004 (gmt 0)

You have a few potential problems here - whether this is possible at all, and whether the searchengines will penalize you for this kind of content negotiation.

There is no way that you can do this transparently (without the user knowing) - a browser doesn't automatically send any information to the server of this type in its request.

However, you might be able to 'kluge' your way in there. I think many people's grannies know more about javascript than I do, and what's key here is also what is permitted according to a browser's security rules in dealing with javascript, since this is the kind of thing that can get people who are surfing in trouble. But something along the following lines might be possible:

<?php
if(empty($_GET['useroffset'])){
echo '
<script language="JavaScript">
off=getTimezoneOffset();
document.write(\'<META HTTP-EQUIV=Refresh CONTENT="0; URL=ht*p:\\/\\/www.yoursite.com\\/?useroffset=\'+off">\');
</script>';
} elseif(is_numeric($_GET['useroffset'])) $useroffset = $_GET['useroffset'];

The code above is intended to redirect your user to the main page of your site with $_GET['useroffset'] set to this useroffset with javascript.

baertyp

10+ Year Member



 
Msg#: 5685 posted 9:28 pm on Nov 11, 2004 (gmt 0)

Or, as an addition to mincklerstraats solution, have JavaScript place a cookie with the timezone and do the redirect with the next page request, when PHP is able to read the cookie value and process it accordingly. This probably gets you around the security issues of the above solution.

Doesn't fix the problem that the curious user can see what's happening. There are ways though to make it quite a cumbersome task to find out what some JS code really does, even for the experienced. Security by obscurity...

Regards
Markus

mincklerstraat

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 5685 posted 8:36 am on Nov 12, 2004 (gmt 0)

Actually, I was a bit curious about this one and tried it out - there were a few errors in the javascript (suprise suprise), but I ironed them out and this works in firefox:

<?php
if(empty($_GET['useroffset'])){
echo '
<script language="JavaScript">
var dt = new Date()
var off= dt.getTimezoneOffset();
document.write(\'<META HTTP-EQUIV=Refresh CONTENT="0; URL=ht*p://localhost/tmp/offset.php?useroffset=\'+off);
document.write(\'">\');
</script>';
} elseif(is_numeric($_GET['useroffset'])){
$useroffset = $_GET['useroffset'];
echo $useroffset;
}

Returning someone's timezone offset isn't really such a bit security hazzard, and on second thought probably the other variables available with javascript aren't going to constitute a tremendous security hazzard either.

rhodopsin

10+ Year Member



 
Msg#: 5685 posted 7:43 pm on Nov 12, 2004 (gmt 0)

Putting this here for my own future reference more than anything else. Is a similar thread which ties in nicely with this one:

[webmasterworld.com...]

rhodopsin

10+ Year Member



 
Msg#: 5685 posted 4:45 pm on Nov 13, 2004 (gmt 0)

One thing that I shoudl mention is that it is not my code per se that i wish to protect - it is just that i do not want persons to know that i am redirecting on the basis of time zone if they ever take the time to look. So, in this way I can provide different content to different time zones - without anyone knowing.

Why do I not get the time, and then send it back to a php script like you kindly suggested in your last post?

That is an excellent idea. It definitely reduces the amount of code on the client side. But - they could still guess that I am using time zone as they can see that the time zone javascript variable is being sent to my server. Is there anyway that i can implement the javascript with perhaps altered variable names - so that they would not know that it is time information that I am plucking from their computer?

For instance - here is some javascript that returns the time zone of the visitor. I could adapt this to send time zone variables back to my server - but in such code they would see getTimezoneOffset - would guess that I had some code server side that was perhaps redirecting on the basis of time zone. Is there anyway that I can change javascript variables to different names? So, that they cannot guess what I am sending server side?

<SCRIPT Language="JavaScript">
var curDateTime = new Date()
document.write("GMT Offset for your time zone is ")
document.write(-(curDateTime.getTimezoneOffset()/60))
</SCRIPT>

Once again - many thanks for all your help. I really hope that you dont find this thread tiresome. You really are being a great help to me. I really am very grateful.

rhodopsin

10+ Year Member



 
Msg#: 5685 posted 4:47 pm on Nov 13, 2004 (gmt 0)

This thread is closely related to another one that i have posted recently. The relevance may not seem strong at the beginning - but scroll down and you will start to get it:

[webmasterworld.com...]

mincklerstraat

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 5685 posted 7:10 pm on Nov 13, 2004 (gmt 0)

Hmmm, indeed - I see that httpwebwitch posted, in the first thread you mention, something quite similar to what I suggest, maybe a little more elegant since it just uses javascript directly to redirect the browser instead of using document.write(). Good researchwork. As to getTimezoneOffset(), it's a javascript function, I don't really know how you'd get out of using that unless javascript has variable functions like PHP, in which case you could cryptically put together a few strings to create this function's name and call that string as a function. For that kind of javascript virtuosity you'd probably best post in the javascript forum.

Pleased to have been some help; hope you find something that approaches your ideal solution here.

baertyp

10+ Year Member



 
Msg#: 5685 posted 7:28 pm on Nov 13, 2004 (gmt 0)

While it is a matter of fact that you cannot technically hide client side scripts such as JavaScript from the user, there are ways to make it very hard job for the average user to exactly find out what's happening.

First of all, avoid in-line scripting. Define your functions in a separate JavaScript file, load this file in the html header section and merely call the functions in-line.

Hide the important bits of code inside tons of useless other code. Make use of the eval(String.fromCharCode(<ascii values of your code here>)) function for both important and unimportant bits of the code to further obscure the whole thing. (Want to hide a tree? Place it in a forest!)

There is a choice of "code uglifiers" out there. Google will find them for you. Run your code through one of them and be prepared for a surprise when trying to read your own code.

Do the actual relocation on the server side using header("Location: <url>"). Your client side code has to set a cookie to get the client's timezone to your server, or just place the current client's time in the cookie and calculate the timezone yourself on the server side. Even if someone's really, really curious and gets down to the important bits, placing the current time in a cookie is nothing much suspicious, as has been said before.

Have your "grab the time(zone)"-function do something really nice for the user at the same time, which might satisfy the user's curiosity and stop him from looking any further.

I see one drawback though: When I run into some code which literally cries "Don't ever understand me!" this fact alone is a real challenge for me to have a much closer look at it. Well, that's me of course...

But remember, JavaScript is not always enabled on every browser out there.

I really shouldn't have written all this...

Regards
Markus

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved