search

serbanghita / Mobile-Detect

Mobile_Detect is a lightweight PHP class for detecting mobile devices (including tablets). It uses the User-Agent string combined with specific HTTP headers to detect the mobile environment.
http://mobiledetect.net
MIT License
10.55k stars 2.68k forks source link

Need advice on `No valid user-agent has been set` PHP Fatal error #948

Closed trendoman closed 1 year ago

trendoman commented 1 year ago

A server randomly receives requests that have no user-agent, mostly from similar IPs (VPN?) e.g.

    [USER] => xxx
    [HOME] => /home/xxx
    [SCRIPT_NAME] => /index.php
    [REQUEST_URI] => /
    [QUERY_STRING] => 
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [REMOTE_PORT] => 57950
    [SCRIPT_FILENAME] => /home/xxx/public_html/index.php
    [SERVER_ADMIN] => admin@xxx.xx
    [CONTEXT_DOCUMENT_ROOT] => /home/xxx/public_html
    [CONTEXT_PREFIX] => 
    [REQUEST_SCHEME] => https
    [DOCUMENT_ROOT] => /home/xxx/public_html
    [REMOTE_ADDR] => 198.235.24.130
    [SERVER_PORT] => 443
    [SERVER_ADDR] => xx.xx.xx.xx
    [SERVER_NAME] => www.xxx.xx
    [SERVER_SOFTWARE] => Apache
    [SERVER_SIGNATURE] => 
    [PATH] => /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
    [HTTP_HOST] => www.xxx.xx
    [HTTPS] => on
    [SCRIPT_URI] => https://www.xxx.xx/
    [SCRIPT_URL] => /
    [UNIQUE_ID] => xxx-xx
    [FCGI_ROLE] => RESPONDER
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1699157949.7019
    [REQUEST_TIME] => 1699157949

What is the proper reaction to such situations - handle exceptions, fill-in a user agent before instantiating MD or else? Please advise. Thanks a lot! (I have masked a few fields, but did not delete any rows) It's as is from print_r($_SERVER, true) output.

maverik23 commented 1 year ago

same here

trendoman commented 1 year ago

I am reading a few postings on Stack that basically revolve around fact that absent user-agent (not empty string, but completely missing one) is a valid request. https://stackoverflow.com/questions/24274789/is-lack-of-user-agent-in-http-request-valid

A posting reported that visitors with a missing UA successfulle performed purchases on website (possibly this is a disinformation lol) https://stackoverflow.com/questions/71527200/how-am-i-getting-users-with-no-user-agent-string

So, meanwhile I am going to try setting it explicitly to an empty string e.g.

if( false === $MB->hasUserAgent() ){ $MB->setUserAgent(''); }
serbanghita commented 1 year ago

As of https://github.com/serbanghita/Mobile-Detect/releases/tag/4.8.04 the rule is that if there is no User-Agent provided (even after we tried to auto-initialize from known $_SERVER['...'] variables, this will throw an exception, because it's actually an exceptional situation and you don't want to go on with the processing.

The recommendation is the following:

$detect = new MobileDetect();

$isMobile = false;
try {
    $isMobile = $detect->isMobile();
} catch (\Detection\Exception\MobileDetectException $e) {
  // do nothing, or log this to your error logs.
}

var_dump($isMobile);
serbanghita commented 1 year ago

Added this example to https://github.com/serbanghita/Mobile-Detect/blob/4.8.x/scripts/example.php