rnunes

Reputation: 2835

Create a local .php page on my server

I'm running a few PHP web applications that are basically forms to manage a MySQL database's content (add, remove and update). Right now I want to be able to insert data programmatically, but I've put all of the logic in PHP (no validations on the database side) and I want to reuse the PHP logic that I have.

I thought about having a new URI that receives the product parameters in the query string, but I only want that endpoint to be available when it's called from inside the server (to prevent external users from calling it).

I'm running an Apache server on Ubuntu 12.04. I hope I explained this well.

Upvotes: 0

Views: 110

Answers (2)

Marc B

Reputation: 360562

Don't do a full-blown HTTP request to your own server. That's a pointless waste of resources, and also opens a whole whack of security issues.

Rewrite your code so it's properly callable as a function, then it's a simple matter of:

functions.php:

<?php
function do_whatever_it_is_you_want() {
    echo 'yo';
}

index.php:

<?php
include('functions.php');
do_whatever_it_is_you_want();

Now there are no security issues in "exposing" the functionality to the world because it's not being invoked directly via URL - only via code that you have complete control over.

Upvotes: 2

Carlos Campderrós

Reputation: 22972

You can take a look at $_SERVER['REMOTE_ADDR'], which is the address of the client connecting to a PHP script.

if ($_SERVER['REMOTE_ADDR'] == '127.0.0.1') {
  // connection from localhost, proceed
} else {
  // connection from the outside, deny
  // header() needs the full status line to set the response code
  header('HTTP/1.1 403 Forbidden');
  echo "You are not allowed to be here.";
  die();
}

Take into account that if you have a reverse proxy on the same machine, then all connections to your script will come from the proxy, and you will have no way to know if they are really from localhost or from another host.

The comment from @x4rf41 is also good: managing that at the webserver layer (although it has the same problem with reverse proxies).

Another option would be a command line script instead of a web page, where you would pass the data as parameters to the script:

#!/usr/bin/env php
<?php
// total number of params is in $argc (minus 1, for the script name)
// param 1 in $argv[1]
// param 2 in $argv[2]...
// argv[0] is reserved for the name of the script

if ($argc != 5) {
  // fprintf() takes the output stream as its first argument
  fprintf(STDERR, "Usage: %s param1 param2 param3 param4\n", $argv[0]);
  exit(1);
}

// do your logic here

Upvotes: 2
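
The two suggestions above combined (logic in a plain function, invoked from a command-line script), as an added example that is not part of either answer. The function, table and column names are hypothetical, and an in-memory SQLite database (assumes the pdo_sqlite extension) stands in for the asker's MySQL connection so the script runs offline.

```php
#!/usr/bin/env php
<?php
// Added example: CLI-only entry point reusing the form logic.
// add_product() and the products table are hypothetical names.

// Shared logic. In a real application this would live in functions.php and
// be included by both the web form handler and this script.
function add_product(PDO $db, $name, $price, $stock)
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 100) {
        throw new InvalidArgumentException('name must be 1-100 characters');
    }
    if (!is_numeric($price) || $price < 0) {
        throw new InvalidArgumentException('price must be a non-negative number');
    }
    if (!ctype_digit((string) $stock)) {
        throw new InvalidArgumentException('stock must be a non-negative integer');
    }
    // Prepared statement: the values never become part of the SQL text.
    $stmt = $db->prepare('INSERT INTO products (name, price, stock) VALUES (?, ?, ?)');
    $stmt->execute(array($name, (float) $price, (int) $stock));
    return (int) $db->lastInsertId();
}

// Refuse to run under a web SAPI, so the script stays inert even if it is
// ever copied into the document root.
if (PHP_SAPI !== 'cli') {
    header('HTTP/1.1 403 Forbidden');
    exit;
}

if ($argc != 4) {
    fprintf(STDERR, "Usage: %s name price stock\n", $argv[0]);
    exit(1);
}

// Constructed stand-in for the MySQL database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, stock INTEGER)');

try {
    $id = add_product($db, $argv[1], $argv[2], $argv[3]);
    echo "inserted product $id\n";
} catch (InvalidArgumentException $e) {
    fprintf(STDERR, "rejected: %s\n", $e->getMessage());
    exit(2);
}
```

Keeping the script outside the web root and restricting its file permissions to the account that runs it means the SAPI check is a second line of defence rather than the only one.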
