Cron job access question

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dale
Forum Contributor
Posts: 466
Joined: Fri Jun 21, 2002 5:57 pm
Location: Atherstone, Warks

Cron job access question

Post by Dale »

I have some files on my "online text based game" that i'm creating that are used in cron jobs. I was just wondering though is there something in PHP I can add at the top of these files or in them somewhere which stops people like me or anyone else from accessing them and getting it to run what is in the file?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Place them outside the document root or place them in a directory with an .htaccess that denies all requests to the contents... there are more options, but that's the basic ones.
Dale
Forum Contributor
Posts: 466
Joined: Fri Jun 21, 2002 5:57 pm
Location: Atherstone, Warks

Post by Dale »

So the cron job script doesn't get affected by the .htaccess file then??

What roughly would I need to insert in the .htaccess file?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

That would depend on how your cron job accesses the files. If you make a web request, .htaccess could block it. But if the request is a file system level one, .htaccess won't affect it.

Code: Select all

Order deny, allow
Deny from all
is what I usually toss in. You could add an exception for localhost or the server's IP, but if you're on a shared host, that could be dangerous again.

http://httpd.apache.org/docs/1.3/howto/auth.html#access
Dale
Forum Contributor
Posts: 466
Joined: Fri Jun 21, 2002 5:57 pm
Location: Atherstone, Warks

Post by Dale »

My cron jobs are ran from the Cron Job section in cPanel (in Standard Mode)

Example:

Code: Select all

/usr/bin/php -q /home/dalehay/public_html/PATH/TO/FILE
I will look into link.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Or you could add something like this to each file.

Code: Select all

$program_name = "myprogram.php"; // This is the name of this program file

if (basename($_SERVER['PHP_SELF']) == $program_name)
{
	echo "You can not access this file directly!";
	die();
}
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

AKA Panama Jack wrote:Or you could add something like this to each file.

Code: Select all

$program_name = "myprogram.php"; // This is the name of this program file

if (basename($_SERVER['PHP_SELF']) == $program_name)
{
	echo "You can not access this file directly!";
	die();
}
That's clever ;)
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Actually for those that have Register Globals enabled this would be better...

Code: Select all

if (basename($_SERVER['PHP_SELF']) == "myprogram.php")
{
	echo "You can not access this file directly!";
	die();
}
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Anyways, I believe the easiest way to solve this problem would be to run this cron

Code: Select all

/usr/bin/php -q /home/dalehay/cron.php
As you can see, the cron script is not in the public_html directory. Therefore, its not accessable.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Post Reply