Cron Job PHP File

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
srujanabobba
Forum Newbie
Posts: 3
Joined: Tue Apr 03, 2007 9:29 pm

Cron Job PHP File

Post by srujanabobba »

Hi,

I want to execute a PHP file for every 5minutes. So, I have achieved this setting cron job for that particular file.
But I dont want other users of my website to access the page. So, i tried to keep the file before my domain name folder and tried. but it is not working.

Can you give me other suggestions which I can use?
I have read somewhere that we can block the remote access of that page. Is it a good choice or do we have any other good options.

Thanks in advance.

Regards,
Srujana.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by Mordred »

You can put the file outside the web root and directly call (from the cron job) the php interpreter on it.
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cron Job PHP File

Post by kaisellgren »

You most probably need executive permissions for the file. If so, CHMOD to 0550 and put it outside the document root. You may also provide a secret key through $_GET for it, if you can't put it outside the doc root for some reason.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: Cron Job PHP File

Post by AGISB »

PHP must be compiled to also run at the command prompt as I recall that correctly. This is not enabled by default but I am not sure if that is still the case in newer php versions.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

AGISB wrote:PHP must be compiled to also run at the command prompt as I recall that correctly. This is not enabled by default but I am not sure if that is still the case in newer php versions.
Huh?!?


@kaisellgren - one must also add a shebang line at the top of a PHP file in order to execute it without explicit call to the PHP interpreter.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cron Job PHP File

Post by kaisellgren »

VladSun wrote:
AGISB wrote:PHP must be compiled to also run at the command prompt as I recall that correctly. This is not enabled by default but I am not sure if that is still the case in newer php versions.
Huh?!?


@kaisellgren - one must also add a shebang line at the top of a PHP file in order to execute it without explicit call to the PHP interpreter.
You call it to the PHP interpreter and also you can't say that, works fine under Windows so it depends :lol: -- anyway, you also need Executive permissions if your not using Windows.

I think AGISB has messed up and is talking about ... CLI?
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

kaisellgren wrote:I think AGISB has messed up and is talking about ... CLI?
Gosh!
php-cli !
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

kaisellgren wrote:You call it to the PHP interpreter -- anyway, you also need Executive permissions if your not using Windows.
I don't think I get this one ... again... :oops:

I mean:

Code: Select all

root@designer:/home# chmod 0500 1.php
root@designer:/home# ./1.php
./1.php: line 1: ?php: No such file or directory
It's alive!
./1.php: line 3: syntax error near unexpected token `newline'
./1.php: line 3: `?>'
root@designer:/home# cat 1.php
<?php
echo "It's alive!"
?>
 
root@designer:/home# vi 1.php
root@designer:/home# ./1.php
It's alive!
root@designer:/home# cat 1.php
#!/usr/bin/php
<?php
echo "It's alive!"
?>
 
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cron Job PHP File

Post by kaisellgren »

VladSun wrote:
kaisellgren wrote:You call it to the PHP interpreter -- anyway, you also need Executive permissions if your not using Windows.
I don't think I get this one ... again... :oops:

I mean:

Code: Select all

root@designer:/home# chmod 0500 1.php
root@designer:/home# ./1.php
./1.php: line 1: ?php: No such file or directory
It's alive!
./1.php: line 3: syntax error near unexpected token `newline'
./1.php: line 3: `?>'
root@designer:/home# cat 1.php
<?php
echo "It's alive!"
?>
 
root@designer:/home# vi 1.php
root@designer:/home# ./1.php
It's alive!
root@designer:/home# cat 1.php
#!/usr/bin/php
<?php
echo "It's alive!"
?>
 
If you CHMOD a PHP file to 0666 for instance, then execute it directly with Crontab it won't work, because executive permissions are not set.

Mostly CHMODing to 0400 is enough for PHP files, but under certain circumstances the group read must be also checked, but executive is never needed unless you are calling from Crontab or other application than Apache (=owner) :P

By the way, it's good that echo doesn't need parenthesises, but leaving the semicolon? That's new :)

EDIT: Mostly people upload a PHP file with FTP to their web space, this way the owner isn't Apache, so the executive permission is needed for PHP files if you are going to play with Crontab or other application. But if the PHP file owner is the same that runs the Crontab, then it's of course not needed (the exec permission).
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

kaisellgren wrote:If you CHMOD a PHP file to 0666 for instance, then execute it directly with Crontab it won't work, because executive permissions are not set.
Again, my examples :)

Code: Select all

root@designer:/home# chmod 0666 1.php
root@designer:/home# ./1.php
-bash: ./1.php: Permission denied
root@designer:/home# php -q 1.php
It's alive!
kaisellgren wrote:By the way, it's good that echo doesn't need parenthesises, but leaving the semicolon? That's new :)
Yeah, I dind't notice it but it works! :)
Try it:

Code: Select all

root@designer:/home# cat 1.php
#!/usr/bin/php
<?php
echo "It's alive!"
?>
root@designer:/home# php -v
PHP 4.4.4-8+etch6 (cli) (built: May 16 2008 15:59:34)
Copyright (c) 1997-2006 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
 
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cron Job PHP File

Post by kaisellgren »

VladSun wrote:

Code: Select all

root@designer:/home# chmod 0666 1.php
root@designer:/home# ./1.php
-bash: ./1.php: Permission denied
root@designer:/home# php -q 1.php
It's alive!
That makes sense :)

Have you ever used a file that uses 0100 ;)?
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

kaisellgren wrote:Have you ever used a file that uses 0100 ;)?
No, I haven't but... :

Code: Select all

vladsun@designer:~$ chmod 0100 1
vladsun@designer:~$ ./1
Could not open input file: ./1
vladsun@designer:~$ cat 1
cat: 1: Permission denied
 
root@designer:/home/vladsun# ls -l 1
---x------ 1 vladsun vladsun 42 2009-01-15 00:10 1
root@designer:/home/vladsun# ./1
It's alive
;)

It's good to be root :)
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cron Job PHP File

Post by kaisellgren »

VladSun wrote:
kaisellgren wrote:Have you ever used a file that uses 0100 ;)?
No, I haven't but... :

Code: Select all

vladsun@designer:~$ chmod 0100 1
vladsun@designer:~$ ./1
Could not open input file: ./1
vladsun@designer:~$ cat 1
cat: 1: Permission denied
 
root@designer:/home/vladsun# ls -l 1
---x------ 1 vladsun vladsun 42 2009-01-15 00:10 1
root@designer:/home/vladsun# ./1
It's alive
;)

It's good to be root :)
Feels damn good, doesn't it :)

I made an installer in PHP. It unpacks .php files, then I realised that I couldn't delete those with my FTP client since it differed from Apache user :P -- I had to CHMOD to public write and then I managed to delete the files through FTP.
AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am

Re: Cron Job PHP File

Post by AGISB »

Yes I ment CLI

One of the things mentioned why to use CLI is: "running scheduled (CRON) taks written in php"

So it could have been an issue here... of course only if he uses Linux/Unix
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Cron Job PHP File

Post by VladSun »

Sorry, I thought you were talking about comiling PHP files into binary executable ones.
There are 10 types of people in this world, those who understand binary and those who don't
Post Reply