Reputation: 4651
PHP Code to stop a script to run from browser
Envoirnment : Linux, PHP
Scenario : I have written a script which will be set as a cron. Now the case is that I want the script to run only through cron and not through any browser (any web browser including mobile browsers). So I am looking for a function something like browserValidate.
The script is written in MVC framework and will be run as
/usr/bin/GET http://xyz.com/abc/pqr
Please help me with this.
Thanks in advance.
Upvotes: 6
Views: 5664
Answers (5)
Reputation: 34632
When executing the script from within crontab, you could use the $_SERVER superglobal to either check for Apache generated entries (HTTP_*) or - since $_SERVER reflects the executing binary's environment - define a certain environment variable prior to execution:
# in the crontab
FOOVAR=1 /usr/bin/php5 script.php
Then, in script.php, check for FOOVAR existence:
if (!isset($_SERVER['FOOVAR']))
die('No browser access.');
If your cronjob is being executed with wget and the client IP is the server's, you could add this to an .htaccess file:
SetEnvIf Remote_Addr "192.168.0.1" FOOVAR=1
This will set FOOVAR only if the client's IP address is "192.168.0.1".
Upvotes: 8
Reputation: 1481
I've edited this to explain better:
Since you're using /usr/bin/GET to fetch a page via HTTP I'm assuming that you have two separate servers: First, one that PHP script is on and where you can't run cron scripts. Second, one where you are running the /usr/bin/GET fetch in cron as a workaround for that.
A simple way might be to simply post a unique identifier in the url and check in the script like:
/usr/bin/GET http://xyz.com/abc/pqr/SomeUniqueIdentifier
Another way could be to use the -H option with /usr/bin/GET to set the User-Agent header to something unique like:
/usr/bin/GET -H "User-Agent: SomeUniqueIdentifier" http://xyz.com/abc/pqr
The PHP script would then check the user agent string for this unique identifier like:
if (strcmp($_SERVER['HTTP_USER_AGENT'], "SomeUniqueIdentifier") == 0)
{
// do whatever
}
else
{
// do nothing
exit();
}
Neither way is 100% secure but can help out.
Upvotes: 1
Reputation: 23244
One quick way is to check the request ip address and only run if it is the local host ip.
Of course, you need to add some more code later (check user agent, referer etc..) to make sure that even a browser locally does not trigger the script.
Upvotes: 1
Reputation: 22956
Move the script outside of the web directory and execute it on the command line. Parse the arguments to the script for the appropriate GET and POST variable population.
see http://www.php.net/manual/en/features.commandline.php#94912
Upvotes: 0
Reputation: 88667
As @Mob said, the sure fire way to achieve this is to put the script in a place where it cannot be accessed through the web server. If this is not possible or you don't want to do it for some reason, you need to detect whether the script was called via a web server or through the command line.
My favourite approach for this (there are many) is:
$isRunningFromBrowser = !isset($GLOBALS['argv']);
This means that if $isRunningFromBrowser is true, you just exit/return an error message/whatever.
Upvotes: 9
Related Questions
- run php script only by cron
- How do I stop a PHP script running on the background
- Prevent script requested by CURL (via CRON) from running in browser
- how to stop a script running in PHP
- Stop php script execution
- Stop executing a script?
- Kill or stop execution of PHP script initiated by CRON?
- Making Crons to quit running an existing script
- How do I stop a script running in UNIX?
- How to start/stop a cronjob using PHP?