| 5:35 pm on Sep 3, 2009 (gmt 0)|
Can't you just put the script off of any domain root so it's not accessible via the web?
| 5:41 pm on Sep 3, 2009 (gmt 0)|
Yes rocknbil. I thought in that. I'll try it and comment it soon. Thanks.-
| 5:47 pm on Sep 3, 2009 (gmt 0)|
The truth is that the script really is a wordpress page. So it must be accessed trough a public path.
| 8:22 pm on Sep 3, 2009 (gmt 0)|
My first thought would be in the script, test the environment variables for anything that indicates a public request - like REQUEST_FILENAME, QUERY_STRING, or so on. If found, exit immediately. Often these can be spoofed or not actually sent by web clients, so you'll have to check what variables are incoming, etc. Or you could check the user of the script - the user should be root (I think, which is what executes cron) and any others - apache, nobody, whatever - and disallow if any user other than root requests it.
There may be a better PHP-ish way to prevent this, but overall this should work.
| 8:42 pm on Sep 3, 2009 (gmt 0)|
Yes, I did tried the recognition of the user and I am not sure of the results. I did the test with exec("whoami") (storing value with wp:update_site_option()) while running through cron, but then I realized of another problems. And I forgot check the results.
I have a private directory /private_path/cron.php (700)
and run cron like me (nomikos) not root.
* * * * * /usr/bin/wget -q -t 1 --delete-after [localhost.localdomain...]
Anyway, I must go out now. Thanks again rocknbil. I will succed! And show it here.
| 5:13 pm on Sep 4, 2009 (gmt 0)|
You just need to add this code as the first line of your php file to prevent access from the web
if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");
| 6:04 pm on Sep 4, 2009 (gmt 0)|
What a cool idea!
I will try it...
| 6:42 pm on Sep 5, 2009 (gmt 0)|
Yes, it works perfectly.
| 10:32 am on Sep 7, 2009 (gmt 0)|
[edited by: g1smd at 10:39 am (utc) on Sep. 7, 2009]
| 10:33 am on Sep 7, 2009 (gmt 0)|
For your cron job, you might not need to state the HTTP method or domain name.
08,38 * * * * /usr/bin/php /var/www/example.com/autoscripts/script7version5.php >> /home/username/logfiles/script7.log
I never run scripts on the quarters. Think about shared-server load.
| 11:20 am on Sep 7, 2009 (gmt 0)|
"I never run scripts on the quarters. Think about shared-server load."
>> OK. good advice.
"08,38 * * * *"
>> * * * * * was only as example.
As I said g1smd, I run a WP script. Finally I did it like this:
# only run from local enviroment
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'])
$time = time();
$time = date('H:i:s:n:j:Y', $time);
$time = explode(':', $time);
$today_delivery = mktime(0, 0, 0, $time, $time, $time);
# only one delivery for day
if ($today_delivery == get_site_option('celebrations_last_delivery'))
die('Delivery Already Sent');
# OK, run it
You say that it is possible:
* * * * * /usr/bin/php /var/www/html/wpmu/index.php?delivery_now=1
and if it not accept QUERY_STRING, at least:
* * * * * /usr/bin/php /var/www/html/wpmu/delivery_now.php
where delivery_now.php being:
header('location: http : //localhost.localdomain/wpmu/index.php?delivery_now=1');
If it is, believe me, I will spend some time experimenting.