Welcome to WebmasterWorld Guest from 54.224.230.193

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Run a php script through cron avoiding access from a browser.

Or find some way to ensures that the script is running only once at a day.

     
4:14 pm on Sep 3, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts: 185
votes: 0


Hi.

I must to run a script in a scheduled basis: daily.
No problem, I call through cronjob a file including something like this:

wget --delete-after [localhost...] > /dev/null &

I have used it before. But now is very important ensures that this script do not be run from a browser, but only by cron.

Any idea?

Another approach is find some way to ensures that the script is running once at a day. No more no less.

Thanks.-

5:35 pm on Sept 3, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


Can't you just put the script off of any domain root so it's not accessible via the web?
5:41 pm on Sept 3, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


Yes rocknbil. I thought in that. I'll try it and comment it soon. Thanks.-
5:47 pm on Sept 3, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


The truth is that the script really is a wordpress page. So it must be accessed trough a public path.
8:22 pm on Sept 3, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Nov 28, 2004
posts:7999
votes: 0


My first thought would be in the script, test the environment variables for anything that indicates a public request - like REQUEST_FILENAME, QUERY_STRING, or so on. If found, exit immediately. Often these can be spoofed or not actually sent by web clients, so you'll have to check what variables are incoming, etc. Or you could check the user of the script - the user should be root (I think, which is what executes cron) and any others - apache, nobody, whatever - and disallow if any user other than root requests it.

There may be a better PHP-ish way to prevent this, but overall this should work.

8:42 pm on Sept 3, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


Thanks rocknbil.

Yes, I did tried the recognition of the user and I am not sure of the results. I did the test with exec("whoami") (storing value with wp:update_site_option()) while running through cron, but then I realized of another problems. And I forgot check the results.

I have a private directory /private_path/cron.php (700)
and run cron like me (nomikos) not root.

* * * * * /usr/bin/wget -q -t 1 --delete-after [localhost.localdomain...]

Anyway, I must go out now. Thanks again rocknbil. I will succed! And show it here.

Bye.-

5:13 pm on Sept 4, 2009 (gmt 0)

Full Member

5+ Year Member

joined:Aug 17, 2007
posts:320
votes: 0


You just need to add this code as the first line of your php file to prevent access from the web

if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");

6:04 pm on Sept 4, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


What a cool idea!
I will try it...
6:42 pm on Sept 5, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


Yes, it works perfectly.
Thanks.---
10:32 am on Sept 7, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


..

[edited by: g1smd at 10:39 am (utc) on Sep. 7, 2009]

10:33 am on Sept 7, 2009 (gmt 0)

Senior Member

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:July 3, 2002
posts:18903
votes: 0


For your cron job, you might not need to state the HTTP method or domain name.

I use:

08,38 * * * * /usr/bin/php /var/www/example.com/autoscripts/script7version5.php >> /home/username/logfiles/script7.log

I never run scripts on the quarters. Think about shared-server load.

11:20 am on Sept 7, 2009 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 22, 2005
posts:185
votes: 0


"I never run scripts on the quarters. Think about shared-server load."
>> OK. good advice.

"08,38 * * * *"
>> * * * * * was only as example.

As I said g1smd, I run a WP script. Finally I did it like this:

if ($_GET['delivery_now']) 
{
# only run from local enviroment
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'])
{
die('Invalid Request');
}

$time = time();
$time = date('H:i:s:n:j:Y', $time);
$time = explode(':', $time);
$today_delivery = mktime(0, 0, 0, $time[3], $time[4], $time[5]);

# only one delivery for day
if ($today_delivery == get_site_option('celebrations_last_delivery'))
{
die('Delivery Already Sent');
}

update_site_option('celebrations_last_delivery', $today_delivery);

# OK, run it
daily_function();
}

Question:

You say that it is possible:

* * * * * /usr/bin/php /var/www/html/wpmu/index.php?delivery_now=1

and if it not accept QUERY_STRING, at least:

* * * * * /usr/bin/php /var/www/html/wpmu/delivery_now.php

where delivery_now.php being:

header('location: http : //localhost.localdomain/wpmu/index.php?delivery_now=1');

If it is, believe me, I will spend some time experimenting.