Welcome to WebmasterWorld Guest from 54.166.227.36

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Run a php script through cron avoiding access from a browser.

Or find some way to ensures that the script is running only once at a day.

     
4:14 pm on Sep 3, 2009 (gmt 0)

10+ Year Member



Hi.

I must to run a script in a scheduled basis: daily.
No problem, I call through cronjob a file including something like this:

wget --delete-after [localhost...] > /dev/null &

I have used it before. But now is very important ensures that this script do not be run from a browser, but only by cron.

Any idea?

Another approach is find some way to ensures that the script is running once at a day. No more no less.

Thanks.-

5:35 pm on Sep 3, 2009 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Can't you just put the script off of any domain root so it's not accessible via the web?
5:41 pm on Sep 3, 2009 (gmt 0)

10+ Year Member



Yes rocknbil. I thought in that. I'll try it and comment it soon. Thanks.-
5:47 pm on Sep 3, 2009 (gmt 0)

10+ Year Member



The truth is that the script really is a wordpress page. So it must be accessed trough a public path.
8:22 pm on Sep 3, 2009 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



My first thought would be in the script, test the environment variables for anything that indicates a public request - like REQUEST_FILENAME, QUERY_STRING, or so on. If found, exit immediately. Often these can be spoofed or not actually sent by web clients, so you'll have to check what variables are incoming, etc. Or you could check the user of the script - the user should be root (I think, which is what executes cron) and any others - apache, nobody, whatever - and disallow if any user other than root requests it.

There may be a better PHP-ish way to prevent this, but overall this should work.

8:42 pm on Sep 3, 2009 (gmt 0)

10+ Year Member



Thanks rocknbil.

Yes, I did tried the recognition of the user and I am not sure of the results. I did the test with exec("whoami") (storing value with wp:update_site_option()) while running through cron, but then I realized of another problems. And I forgot check the results.

I have a private directory /private_path/cron.php (700)
and run cron like me (nomikos) not root.

* * * * * /usr/bin/wget -q -t 1 --delete-after [localhost.localdomain...]

Anyway, I must go out now. Thanks again rocknbil. I will succed! And show it here.

Bye.-

5:13 pm on Sep 4, 2009 (gmt 0)

5+ Year Member



You just need to add this code as the first line of your php file to prevent access from the web

if ($_SERVER["REMOTE_ADDR"] != $_SERVER["SERVER_ADDR"]) die("Invalid Request");

6:04 pm on Sep 4, 2009 (gmt 0)

10+ Year Member



What a cool idea!
I will try it...
6:42 pm on Sep 5, 2009 (gmt 0)

10+ Year Member



Yes, it works perfectly.
Thanks.---
10:32 am on Sep 7, 2009 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



..

[edited by: g1smd at 10:39 am (utc) on Sep. 7, 2009]

10:33 am on Sep 7, 2009 (gmt 0)

WebmasterWorld Senior Member g1smd is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



For your cron job, you might not need to state the HTTP method or domain name.

I use:

08,38 * * * * /usr/bin/php /var/www/example.com/autoscripts/script7version5.php >> /home/username/logfiles/script7.log

I never run scripts on the quarters. Think about shared-server load.

11:20 am on Sep 7, 2009 (gmt 0)

10+ Year Member



"I never run scripts on the quarters. Think about shared-server load."
>> OK. good advice.

"08,38 * * * *"
>> * * * * * was only as example.

As I said g1smd, I run a WP script. Finally I did it like this:

if ($_GET['delivery_now']) 
{
# only run from local enviroment
if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR'])
{
die('Invalid Request');
}

$time = time();
$time = date('H:i:s:n:j:Y', $time);
$time = explode(':', $time);
$today_delivery = mktime(0, 0, 0, $time[3], $time[4], $time[5]);

# only one delivery for day
if ($today_delivery == get_site_option('celebrations_last_delivery'))
{
die('Delivery Already Sent');
}

update_site_option('celebrations_last_delivery', $today_delivery);

# OK, run it
daily_function();
}

Question:

You say that it is possible:

* * * * * /usr/bin/php /var/www/html/wpmu/index.php?delivery_now=1

and if it not accept QUERY_STRING, at least:

* * * * * /usr/bin/php /var/www/html/wpmu/delivery_now.php

where delivery_now.php being:

header('location: http : //localhost.localdomain/wpmu/index.php?delivery_now=1');

If it is, believe me, I will spend some time experimenting.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month