Safe php cron jobs?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Safe php cron jobs?

Post by Citizen »

Currently, I have a php script that I need to run every five minutes. The problem is, anyone could go to the page and run the cron job, which I don't want.

When I pw protect the directory or the files, the cron doesnt run. If I CHMOD it to 700 or 770, it also wont run.

I use this command to run it:

Code: Select all

curl -s -o /dev/null http://mydomain.com/cron/per5.php
nowaydown1
Forum Contributor
Posts: 169
Joined: Sun Apr 27, 2008 1:22 am

Re: Safe php cron jobs?

Post by nowaydown1 »

You could add a parameter to your per5.php that is checked via $_GET that would serve as some sort of "token". If no token is supplied, the script doesn't execute. Likewise, if the wrong token is supplied, the script doesn't execute.

Anotherwords:

Code: Select all

 
curl -s -o /dev/null http://mydomain.com/cron/per5.php?token=mysupersecretpasswordthing
 
Then just modify your per5.php script to check to make sure that thing is set correctly. Otherwise, die(). I'm sure there's probably some other best practices stuff around that somebody could bring to light. This is the first thing that came to mind.
Citizen
Forum Contributor
Posts: 300
Joined: Wed Jul 20, 2005 10:23 am

Re: Safe php cron jobs?

Post by Citizen »

Thanks for the suggestion! I'll put that into to use until if/when we figure out something 'better'.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Re: Safe php cron jobs?

Post by s.dot »

Or you could put the php script above the document root...

so instead of /home/user/public_html/cron_script.php ..
put it as

/home/user/cron_script.php

Then it can't be accessed via the browser.

And/or setting up .htaccess to deny access to your cron script would work.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Post Reply