Thread: Page accessibility?

  1. #1

    Page accessibility?

    I'm not sure if this is in the correct place or not (apologies if this is the case), but here goes anyway.

    I have a cron job set up to visit mypage.php every hour. How would I go about making this page accessible ONLY to cron? My reason is that I don't want any Tom, **** or Harry visiting the page and triggering the script inside it (which would totally mess up a lot of things).

    I'm not sure if this can be done with something like chmod or if I would need a special script (PHP or otherwise).

    Any suggestions?

    Thanks in advance, MrRSMan.

  2. #2

    What I do when I have a page I don't want anyone accessing is to put it up one level from the public folder. This varies, but on most servers it's the public_html folder.

    So, I have file:

    ticket_bundles.php

    in:

    public_html

    It accesses an include that I don't want anyone being able to see by itself. In my FTP client I go up one level and create (if there isn't one there already) a folder named includes.

    I put my include file in there, call it my_include.php - Now on the ticket_bundles.php file, I reference it as:

    include '../includes/my_include.php';

    PHP can find and use this file. But, as it is above the root of the domain, no one can navigate to it on its own.
    - John

  3. #3

    There are a number of ways you can do this. The most secure (at least without lots of additional setup) is what John said above.

    Here are some other ideas if that is not available:
    1. Limit access by IP-- it should only be the local IP (I'm not sure what this value is for a cron job and it would be hard to test, but you could figure it out with enough trial and error).
    2. Add a variable in the script to check if the access is legitimate. You could do this with a variable in the url: ?cron=1. Then use $_GET['cron'] and be sure it's equal to 1... anyone who doesn't know to use that in the url will be denied access. That's not "secure", but it is secure enough if no one knows the trick-- you can think of it as an unknown method few people would guess about, but also as a username/password combo with "cron" as the username and "1" as the password-- feel free to change them to anything you want (though be aware that particularly odd symbols in the url might not work).
    3. Don't worry about it-- just don't tell anyone the address for the page. Assuming no other sources link to it, give the page a weird name and no one will go to it.
    4. Why can't others go to it? Aside from server load, if you don't output anything (and you wouldn't-- cron jobs don't have output html, etc.), then they won't know what they're seeing-- just copy a 404 error and output that while actually executing the code. They'll have no idea what they're seeing, see no behind the scenes info, and the process will be run extra-- just an extra run for the "cron" job.
    5. You could also try something with .htaccess... not sure how you'd monitor the traffic, though.
    6. Finally, if security is a huge issue, you could do something beyond php cron jobs-- do something on the server that is not accessible via the web, like an exe that does the cron stuff. This is more work, but it's also more secure if there is really something crucial about this page.

    I'm sure there are many other ways to do this, but those should be plenty for now. You could also combine a few.
    Daniel - Freelance Web Design | <?php?> | <html>| español | Deutsch | italiano | português | català | un peu de français | some knowledge of several other languages: I can sometimes help translate here on DD | Linguistics Forum
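
An added example, not part of any post in this thread: a guard for the top of mypage.php that combines options 1, 2 and 6 from the post above, allowing command-line runs and otherwise requiring a local address plus a secret token. The token file path, the X-Cron-Token header name and the assumption that cron runs on the same host as the web server are illustrative choices, not details from the thread.

```php
<?php
// Added example (not from the thread). Place at the very top of mypage.php.
// Hypothetical names: CRON_TOKEN_FILE and the X-Cron-Token request header.

// Keep the secret above the web root so it cannot be fetched by URL.
const CRON_TOKEN_FILE = __DIR__ . '/../includes/cron_token.txt';

function cron_request_allowed(string $sapi, array $server, string $expectedToken): bool
{
    // 1. Command-line run (cron calls `php /path/to/mypage.php`):
    //    no web request is involved, so nothing else needs checking.
    if ($sapi === 'cli') {
        return true;
    }

    // 2. HTTP run: accept only requests from this machine.
    //    Caveat: behind a local reverse proxy every visitor appears as
    //    127.0.0.1, so this check alone is not sufficient.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($remote, ['127.0.0.1', '::1'], true)) {
        return false;
    }

    // 3. Require the shared secret. It is sent in a header rather than
    //    as ?cron=1 so it does not end up in access logs, and compared in
    //    constant time. An empty or missing token file never matches.
    $supplied = $server['HTTP_X_CRON_TOKEN'] ?? '';
    return $expectedToken !== '' && hash_equals($expectedToken, $supplied);
}

$expected = is_readable(CRON_TOKEN_FILE)
    ? trim((string) file_get_contents(CRON_TOKEN_FILE))
    : '';

if (!cron_request_allowed(PHP_SAPI, $_SERVER, $expected)) {
    http_response_code(404); // respond as if the page did not exist
    exit;                    // and do NOT run the job
}

// ... the hourly job continues below this line ...
```

With this guard, a cron entry that fetches the page over HTTP has to send the header (for instance with curl's -H option) from the server itself; a cron entry that runs the script through the PHP command-line binary needs no token at all.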

  4. #4

    Originally Posted by djr33:
    3. Don't worry about it-- just don't tell anyone the address for the page. Assuming no other sources link to it, give the page a weird name and no one will go to it.
    Simplest option.

    Just make a bizarre URL e.g.

    http://example.com/v9hw3g/your-special-page-VHOsdg7hfHF.htm
    Last edited by jscheuer1; 12-18-2009 at 10:49 AM. Reason: remove hot link from broken link
