You have a few potential problems here - whether this is possible at all, and whether the searchengines will penalize you for this kind of content negotiation.

There is no way that you can do this transparently (without the user knowing) - a browser doesn't automatically send any information to the server of this type in its request.

However, you might be able to 'kluge' your way in there. I think many people's grannies know more about javascript than I do, and what's key here is also what is permitted according to a browser's security rules in dealing with javascript, since this is the kind of thing that can get people who are surfing in trouble. But something along the following lines might be possible:

<?php 
if(empty($_GET['useroffset'])){ 
echo ' 
<script language="JavaScript"> 
off=getTimezoneOffset(); 
document.write(\'<META HTTP-EQUIV=Refresh CONTENT="0; URL=ht*p:\\/\\/www.yoursite.com\\/?useroffset=\'+off">\'); 
</script>'; 
} elseif(is_numeric($_GET['useroffset'])) $useroffset = $_GET['useroffset']; 

The code above is intended to redirect your user to the main page of your site with

$_GET['useroffset']

set to this useroffset with javascript.

Or, as an addition to mincklerstraats solution, have JavaScript place a cookie with the timezone and do the redirect with the next page request, when PHP is able to read the cookie value and process it accordingly. This probably gets you around the security issues of the above solution.

Doesn't fix the problem that the curious user can see what's happening. There are ways though to make it quite a cumbersome task to find out what some JS code really does, even for the experienced. Security by obscurity...

Regards
Markus

Actually, I was a bit curious about this one and tried it out - there were a few errors in the javascript (suprise suprise), but I ironed them out and this works in firefox:

<?php 
if(empty($_GET['useroffset'])){ 
echo ' 
<script language="JavaScript"> 
var dt = new Date() 
var off= dt.getTimezoneOffset(); 
document.write(\'<META HTTP-EQUIV=Refresh CONTENT="0; URL=ht*p://localhost/tmp/offset.php?useroffset=\'+off); 
document.write(\'">\'); 
</script>'; 
} elseif(is_numeric($_GET['useroffset'])){ 
 $useroffset = $_GET['useroffset']; 
 echo $useroffset; 
 } 

Returning someone's timezone offset isn't really such a bit security hazzard, and on second thought probably the other variables available with javascript aren't going to constitute a tremendous security hazzard either.

Putting this here for my own future reference more than anything else. Is a similar thread which ties in nicely with this one:

[webmasterworld.com...]

One thing that I shoudl mention is that it is not my code per se that i wish to protect - it is just that i do not want persons to know that i am redirecting on the basis of time zone if they ever take the time to look. So, in this way I can provide different content to different time zones - without anyone knowing.

Why do I not get the time, and then send it back to a php script like you kindly suggested in your last post?

That is an excellent idea. It definitely reduces the amount of code on the client side. But - they could still guess that I am using time zone as they can see that the time zone javascript variable is being sent to my server. Is there anyway that i can implement the javascript with perhaps altered variable names - so that they would not know that it is time information that I am plucking from their computer?

For instance - here is some javascript that returns the time zone of the visitor. I could adapt this to send time zone variables back to my server - but in such code they would see getTimezoneOffset - would guess that I had some code server side that was perhaps redirecting on the basis of time zone. Is there anyway that I can change javascript variables to different names? So, that they cannot guess what I am sending server side?

<SCRIPT Language="JavaScript">
var curDateTime = new Date()
document.write("GMT Offset for your time zone is ")
document.write(-(curDateTime.getTimezoneOffset()/60))
</SCRIPT>

Once again - many thanks for all your help. I really hope that you dont find this thread tiresome. You really are being a great help to me. I really am very grateful.

This thread is closely related to another one that i have posted recently. The relevance may not seem strong at the beginning - but scroll down and you will start to get it:

[webmasterworld.com...]

Hmmm, indeed - I see that httpwebwitch posted, in the first thread you mention, something quite similar to what I suggest, maybe a little more elegant since it just uses javascript directly to redirect the browser instead of using document.write(). Good researchwork. As to getTimezoneOffset(), it's a javascript function, I don't really know how you'd get out of using that unless javascript has variable functions like PHP, in which case you could cryptically put together a few strings to create this function's name and call that string as a function. For that kind of javascript virtuosity you'd probably best post in the javascript forum.

Pleased to have been some help; hope you find something that approaches your ideal solution here.

While it is a matter of fact that you cannot technically hide client side scripts such as JavaScript from the user, there are ways to make it very hard job for the average user to exactly find out what's happening.

First of all, avoid in-line scripting. Define your functions in a separate JavaScript file, load this file in the html header section and merely call the functions in-line.

Hide the important bits of code inside tons of useless other code. Make use of the eval(String.fromCharCode(<ascii values of your code here>)) function for both important and unimportant bits of the code to further obscure the whole thing. (Want to hide a tree? Place it in a forest!)

There is a choice of "code uglifiers" out there. Google will find them for you. Run your code through one of them and be prepared for a surprise when trying to read your own code.

Do the actual relocation on the server side using header("Location: <url>"). Your client side code has to set a cookie to get the client's timezone to your server, or just place the current client's time in the cookie and calculate the timezone yourself on the server side. Even if someone's really, really curious and gets down to the important bits, placing the current time in a cookie is nothing much suspicious, as has been said before.

Have your "grab the time(zone)"-function do something really nice for the user at the same time, which might satisfy the user's curiosity and stop him from looking any further.

I see one drawback though: When I run into some code which literally cries "Don't ever understand me!" this fact alone is a real challenge for me to have a much closer look at it. Well, that's me of course...

But remember, JavaScript is not always enabled on every browser out there.

I really shouldn't have written all this...

Regards
Markus