Page 1 of 1

Safe php cron jobs?

Posted: Sun May 18, 2008 3:44 pm
by Citizen
Currently, I have a php script that I need to run every five minutes. The problem is, anyone could go to the page and run the cron job, which I don't want.

When I pw protect the directory or the files, the cron doesnt run. If I CHMOD it to 700 or 770, it also wont run.

I use this command to run it:

Code: Select all

curl -s -o /dev/null http://mydomain.com/cron/per5.php

Re: Safe php cron jobs?

Posted: Sun May 18, 2008 3:51 pm
by nowaydown1
You could add a parameter to your per5.php that is checked via $_GET that would serve as some sort of "token". If no token is supplied, the script doesn't execute. Likewise, if the wrong token is supplied, the script doesn't execute.

Anotherwords:

Code: Select all

 
curl -s -o /dev/null http://mydomain.com/cron/per5.php?token=mysupersecretpasswordthing
 
Then just modify your per5.php script to check to make sure that thing is set correctly. Otherwise, die(). I'm sure there's probably some other best practices stuff around that somebody could bring to light. This is the first thing that came to mind.

Re: Safe php cron jobs?

Posted: Sun May 18, 2008 3:57 pm
by Citizen
Thanks for the suggestion! I'll put that into to use until if/when we figure out something 'better'.

Re: Safe php cron jobs?

Posted: Sun May 18, 2008 11:29 pm
by s.dot
Or you could put the php script above the document root...

so instead of /home/user/public_html/cron_script.php ..
put it as

/home/user/cron_script.php

Then it can't be accessed via the browser.

And/or setting up .htaccess to deny access to your cron script would work.