...

View Full Version : Cronjob help



ole90
08-04-2007, 01:11 PM
Hey, i want a page to be executed every hour which will reset some settings on my site. I've worked out how to do this with Cron and i've got that working. The only problem is, if a user gets lucky and finds out the filename of the script that is executed, they can reset the settings whenever they want.

I was wondering if some of you can give me some ideas to look at so that a user cannot open the script or which stops it executing when a user visits it.

mlseim
08-04-2007, 07:20 PM
First, give it a strange filename, like "cronjob487634.php"

Then, in the beginning of the script, look for a variable:

$test=$_GET['action'];
if($test === "go"){

the main part of your script

}


Your cronjob will provide that variable when it runs.
Nobody will be able to determine that a variable is needed.

cronjob487634.php?action=go

rafiki
08-04-2007, 07:29 PM
you could even make it harder and give the variable a strange name


if ($_GET['umpaloompa'] == nbioafjj) {
do something;
}else{
exit;
}

PappaJohn
08-04-2007, 09:09 PM
or just place the script above your document root.

jcsarmento
07-13-2009, 01:19 AM
Is this possible using $_POST instead of GET?

On my case I need to use $_POST but the cron does not submit the Post.
On firefox or any other browser no problem...

many thanks
jsarmento

Zangeel
07-13-2009, 01:29 AM
You can always check the referrer can't you? make sure the referrer is the crons. But if you can cron a file above the public html, that should work. I never really used crons so just throwin some ideas at ya.

mlseim
07-13-2009, 04:02 AM
jsarmento ...

Show us what you already have.
There is a way to use POST but I don't know if you'll figure out how
to incorporate my snippet ... that's why I want to see what you have so far.

Inigoesdr
07-13-2009, 04:10 AM
Assuming the php.ini setting "register_argc_argv" is off(which it is by default, for performance reasons), you can check to see if $argv is set. It will be set when run from the command line, and won't be set when loaded through the web server. But, ideally the file would be out of the web root, or in a directory with an .htaccess file that denies all requests.


You can always check the referrer can't you? make sure the referrer is the crons. But if you can cron a file above the public html, that should work. I never really used crons so just throwin some ideas at ya.

No, you absolutely can not trust the referrer. It is a header sent from the client, and can be easily manipulated.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum