[I.M.O.G.]

I'm interested in some programming help related to PHP, and potentially CSS also.

I want to create a question and answer field that is only viewable by text-only browsers, like Lynx or cURL. I want this question and answer field to be invisible to any normal browser (chrome, firefox, etc). What is the code I would need to get this behavior? Using the user agent will not work for my purposes, as my target audience forges the user agent value. My target audience also commonly disables javascript or uses noscript, so javascript solutions don't suit my needs either.

Help appreciated.

[ak1lz]

Howdy,

We currently use something similar to this.

Use this snipet to test against $browser.

Code:

<?php
echo $_SERVER['HTTP_USER_AGENT'] . "\n\n";

$browser = get_browser(null, true);
print_r($browser);
?>

Check browser_name_regex against $browser to see if it matches lynx or curl. If it matches, display your content.

[I.M.O.G.]

Thanks, that would work for what you explained, but my original post wasn't clear enough. Sorry about that. I've updated it to clarify I can't use the user agent value. My target audience for this actually forges their user-agent, so I have no way to tell the difference between someone on firefox, or someone claiming to be on firefox.

I used text based examples like Lynx/Curl because I know they don't pay any attention to CSS, but the user agent value could be anything in my scenario so that doesn't help. Essentially, I want to use CSS which hides the field on normal browsers, but the CSS will be ignored for anyone using Lynx/curl/etc, so they would still see the field.

That's the sneaky part - my goal is to roughly determine if the visitor actually supports CSS or not, then handle the users on either side of the fence appropriately. For example, there are 5 input fields, 4 of them are visible to normal users, 1 of them are only visible to text-only browsers. I can then handle the input I receive in accordance to what fields are filled out.

[ak1lz]

Text based browsers don't support Javascript. So the secondary option of using JS to detect browser type is gone.

The easiest way to accomplish what you are looking to do would be to put your form inside of a <noscript> tag.

Code:

<noscript>Modern browsers will not show this code unless the user specifically turned off javascript.</noscript>

Text-Based browsers do not support Javascript, and thus will show anything in the noscript tag. Modern browsers will ignore the noscript tag unless Javascript is turned off on the browser (fairly rare thing).

The <noscript> solution is not perfect, but probably is the closest thing you are going to get without using php or JS directly.

[I.M.O.G.]

Thanks, I didn't think of that. Could work pretty well. I'll take it for a test run. My audience is pretty technical and the ABP and noscript plugins are pretty popular with the firefox crowd, so I'm a bit concerned about visitors that prevent javascript from running being classified incorrectly.

My goal is to detect and classify visitors into two groups:
1. Browser supports stylesheets (doesn't see/fill in my hidden field)
2. Browser does not support stylesheets (sees/fills in my hidden field)

Depending on which group the visitor is in, I will treat them differently... One goes to heaven, one goes to hell. Few people disable javascript support, but plenty of technical folks do if they are concerned about the security of their browser - almost no one disables stylesheet support, so that makes it the most desirable solution for me.

Could I use something like this to do what I need using CSS?

[I.M.O.G.]

Figured out what I needed to do using CSS. For some reason it works fine when I put the CSS inline, but not any other way I tried it. For anyone interested, here is an example of the code I'm using:

Code:

<table>
<tr>
<td style="visibility: hidden;"><?php echo 'Random Question: What is 2+2?' ?></td><td style="visibility: hidden;"><input type="text" size="35" class="form" name="answer" value="<?php echo $sVar_answer ?>"></td>
</tr>
</table>

Class A of user will never see that random question, or fill out that field - they get the red carpet treatment. Class B of user will see that random question, and fill out the field - they get banished.

[Kevin]

Quote:

Originally Posted by I.M.O.G.

Class A of user will never see that random question, or fill out that field - they get the red carpet treatment. Class B of user will see that random question, and fill out the field - they get banished.

Ah ha. Was trying to get my head around what you were up to.

[housebg]

Wow, I think you just gave me the solution I've been looking for in my registration form. I already have a blackhole trap that is doing well to catch badbots, and it uses css hidden property and a link.

The CSS for something like what you did on my form field would probably work well - I'd just have to figure out the validation on submit and send them to my blackhole.

Thanks for sparking a new idea for me :-)

[I.M.O.G.]

No problem. It has proven fairly effective.

Just today so far, its blocked 62 attempted registrations. That is out of 199 total blocked registrations so far today. 15 people have registered successfully today.

[housebg]

Oh, that sounds fantastic! Most of my junk registrations have these weird "names" in both the login name and name field - sometimes identical or off by one character. At first, I was trying to write some complicated validation on these fields...

But I think I'll try this first, and see if I can cut this down with the hidden field. Thanks Again!

[I.M.O.G.]

You had mentioned your site was built on wordpress I believe. If you aren't already doing it, you can also use the check_spammers_plain.php from here to filter registrations against SFS. I have a friend who integrated that script with his wordpress registration.

[housebg]

Thanks Matt. I do have wordpress, but also a php script in the business listing directory - and that's the one that gets spam registrations all the time. I'll definitely check out the check_spammers_plain.php as well.