Page 1 of 1
Cron job access question
Posted: Sun May 07, 2006 11:01 am
by Dale
I have some files on my "online text based game" that i'm creating that are used in cron jobs. I was just wondering though is there something in PHP I can add at the top of these files or in them somewhere which stops people like me or anyone else from accessing them and getting it to run what is in the file?
Posted: Sun May 07, 2006 11:07 am
by feyd
Place them outside the document root or place them in a directory with an .htaccess that denies all requests to the contents... there are more options, but that's the basic ones.
Posted: Sun May 07, 2006 11:13 am
by Dale
So the cron job script doesn't get affected by the .htaccess file then??
What roughly would I need to insert in the .htaccess file?
Posted: Sun May 07, 2006 11:22 am
by feyd
That would depend on how your cron job accesses the files. If you make a web request, .htaccess could block it. But if the request is a file system level one, .htaccess won't affect it.
is what I usually toss in. You could add an exception for localhost or the server's IP, but if you're on a shared host, that could be dangerous again.
http://httpd.apache.org/docs/1.3/howto/auth.html#access
Posted: Sun May 07, 2006 12:19 pm
by Dale
My cron jobs are ran from the Cron Job section in cPanel (in Standard Mode)
Example:Code: Select all
/usr/bin/php -q /home/dalehay/public_html/PATH/TO/FILE
I will look into link.
Posted: Sun May 07, 2006 2:09 pm
by AKA Panama Jack
Or you could add something like this to each file.
Code: Select all
$program_name = "myprogram.php"; // This is the name of this program file
if (basename($_SERVER['PHP_SELF']) == $program_name)
{
echo "You can not access this file directly!";
die();
}
Posted: Sun May 07, 2006 2:15 pm
by s.dot
AKA Panama Jack wrote:Or you could add something like this to each file.
Code: Select all
$program_name = "myprogram.php"; // This is the name of this program file
if (basename($_SERVER['PHP_SELF']) == $program_name)
{
echo "You can not access this file directly!";
die();
}
That's clever

Posted: Sun May 07, 2006 2:19 pm
by AKA Panama Jack
Actually for those that have Register Globals enabled this would be better...
Code: Select all
if (basename($_SERVER['PHP_SELF']) == "myprogram.php")
{
echo "You can not access this file directly!";
die();
}
Posted: Sun May 07, 2006 2:26 pm
by s.dot
Anyways, I believe the easiest way to solve this problem would be to run this cron
Code: Select all
/usr/bin/php -q /home/dalehay/cron.php
As you can see, the cron script is not in the public_html directory. Therefore, its not accessable.