Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 8 of 8

Thread: Cronjob help

  1. #1
    Regular Coder
    Join Date
    Jan 2007
    Posts
    217
    Thanks
    9
    Thanked 0 Times in 0 Posts

    Cronjob help

    Hey, i want a page to be executed every hour which will reset some settings on my site. I've worked out how to do this with Cron and i've got that working. The only problem is, if a user gets lucky and finds out the filename of the script that is executed, they can reset the settings whenever they want.

    I was wondering if some of you can give me some ideas to look at so that a user cannot open the script or which stops it executing when a user visits it.

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,468
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    First, give it a strange filename, like "cronjob487634.php"

    Then, in the beginning of the script, look for a variable:

    $test=$_GET['action'];
    if($test === "go"){

    the main part of your script

    }


    Your cronjob will provide that variable when it runs.
    Nobody will be able to determine that a variable is needed.

    cronjob487634.php?action=go

  • #3
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,043
    Thanks
    19
    Thanked 42 Times in 42 Posts
    you could even make it harder and give the variable a strange name
    PHP Code:
    if ($_GET['umpaloompa'] == nbioafjj) {
    do 
    something;
    }else{
    exit;


  • #4
    Senior Coder
    Join Date
    Apr 2007
    Location
    Quakertown PA USA
    Posts
    1,028
    Thanks
    1
    Thanked 125 Times in 123 Posts
    or just place the script above your document root.

  • #5
    New to the CF scene
    Join Date
    Jul 2009
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Is this possible using $_POST instead of GET?

    On my case I need to use $_POST but the cron does not submit the Post.
    On firefox or any other browser no problem...

    many thanks
    jsarmento

  • #6
    Regular Coder Zangeel's Avatar
    Join Date
    Oct 2007
    Location
    public_html/
    Posts
    638
    Thanks
    17
    Thanked 79 Times in 79 Posts
    You can always check the referrer can't you? make sure the referrer is the crons. But if you can cron a file above the public html, that should work. I never really used crons so just throwin some ideas at ya.

  • #7
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,468
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    jsarmento ...

    Show us what you already have.
    There is a way to use POST but I don't know if you'll figure out how
    to incorporate my snippet ... that's why I want to see what you have so far.

  • #8
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,642
    Thanks
    2
    Thanked 405 Times in 397 Posts
    Assuming the php.ini setting "register_argc_argv" is off(which it is by default, for performance reasons), you can check to see if $argv is set. It will be set when run from the command line, and won't be set when loaded through the web server. But, ideally the file would be out of the web root, or in a directory with an .htaccess file that denies all requests.

    Quote Originally Posted by Zangeel View Post
    You can always check the referrer can't you? make sure the referrer is the crons. But if you can cron a file above the public html, that should work. I never really used crons so just throwin some ideas at ya.
    No, you absolutely can not trust the referrer. It is a header sent from the client, and can be easily manipulated.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •