passing user agent pass through verification not working perfectly

https://stackoverflow.com/questions/18279061

24-06-2022
|

Question

so I had built an age verification page that blocks crawlers from getting to the main site. However, I added some code that should allow the crawler to get through and not normal users if a cookie is not set for them. However it seems to not work, the facebook one just gets redirected which I need for open graph information. I go to the debugger and type in the url for the site and it just shows that the facebook crawler gets redirected. The following verification of the code does not work at all so for example when I change my browsing session to googlebot it gets redirected.

<?php

if (!in_array($_SERVER['HTTP_USER_AGENT'], array(
  'facebookexternalhit/1.0 (+https://www.facebook.com/externalhit_uatext.php)',
  'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)',
  'Googlebot/2.1 (+http://www.googlebot.com/bot.html)',
  'Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)',
  'msnbot/2.0b (+http://search.msn.com/msnbot.htm)'

))) {
 if(!isset($_COOKIE['legal'])) {
        header("Location: verify.php");
    }
  if($_COOKIE['legal'] == "no") {
        header("Location: http://www.centurycouncil.org/");
    }
}

?>

This code below is the one that works for googlebot and the other search crawlers, but it doesn't work for facebook. facebook just gets redirected if facebooks tries to crawl.

<?php

if((!strpos($_SERVER['HTTP_USER_AGENT'], "Googlebot")) && (!strpos($_SERVER['HTTP_USER_AGENT'], "bingbot")) && (!strpos($_SERVER['HTTP_USER_AGENT'], "Yahoo! Slurp")) && (!strpos($_SERVER['HTTP_USER_AGENT'], "facebookexternalhit")))
{
    if(!isset($_COOKIE['legal'])) {
    header("Location: verify.php");
    }
    if($_COOKIE['legal'] == "no") {
        header("Location: http://www.centurycouncil.org/");
    }

}
?>

Solution

You're mis-using strpos(), as explicitly warned on its document page: http://php.net/strpos

strpos() can and WILL return a legitimate 0 if the string you're searching for is at the START of the string being searched. But PHP will interpret that 0 as a false (aka failure), which is you're getting your bad redirects.

You have to use the strict comparison operators, e.g.

if (strpos($UA, 'facebook') !== false) {
                            ^^^---strict operator, note the extra `=`.

which test the variable's type AND value, not just the value. strpos will return a boolean FALSE if no match is found, but PHP treats

(false == 0)

as true, wherease

(false === 0) // note the extra =

is false.

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow