how to make php page disabled from browser

Question

I'm writing a PHP script that I want to disable from web access (I will ask users to move it out of the web root and execute via CLI, but you never know if they'll listen!)

Is there a simple function that occurs to anyone to make the page die if it's requested by a browser?

Thanks for any ideas.

Answer 1

You could test whether the script is being run through the CLI using php_sapi_name().

It can return a whole bunch of different possible values when run on a HTTP server - difficult to make a reliable distinction there - but there seems to be only one possible return value for the CLI: cli.

If you're looking for an all-purpose solution, make sure you read the comment thread below for more detailed discussion on some potential gotchas.

Answer 2

'PHP_SELF' The filename of the currently executing script, relative to the document root. For instance, $_SERVER['PHP_SELF'] in a script at the address http://example.com/test.php/foo.bar would be /test.php/foo.bar. The FILE constant contains the full path and filename of the current (i.e. included) file. If PHP is running as a command-line processor this variable contains the script name since PHP 4.3.0. Previously it was not available.

http://www.php.net/manual/en/reserved.variables.server.php

Answer 3

you can use php-sapi-name or you can use the predefined constant which is marginally faster (although you'd never notice!)

<?php
if(PHP_SAPI != 'cli') exit;
// continue

Answer 4

$sapi_type = php_sapi_name();
if (substr($sapi_type, 0, 3) != 'cli') {
    die "You are not using CLI".PHP_EOL;
}

Answer 5

I'm not a PHP expert but you could check the $_SERVER variable ?

Answer 6

You can use php-sapi-name function to detect if script was requested by web server or cli interface.