westman Posted February 14, 2019 Share Posted February 14, 2019 Hi all, I have a file at the following directory... www.mysite.com/folder/file.php I have a cron job running file.php and all is well there. How do I stop the file running the code if some one enters my file directory in the address bar? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 14, 2019 Share Posted February 14, 2019 On our servers, I use this: $php_command_line = strpos(php_sapi_name(), 'apache') === false && (strpos(php_sapi_name(), 'cgi') !== false || strpos(php_sapi_name(), 'cli') !== false); Then I can check if $php_command_line is true to figure out if it is a command-line execution or if it's being executed through the web server. The above line probably won't work for you unless your web server is configured like ours, but use php_sapi_name to see what it returns when you run the page in a browser versus on the command line. You might be able to check for other differences also: http://php.net/manual/en/features.commandline.differences.php For example, obviously PHP wouldn't look for cookies on a command line, but I don't know if that means that $_COOKIE is always empty, or if it doesn't exist at all. Link to comment Share on other sites More sharing options...
westman Posted February 15, 2019 Author Share Posted February 15, 2019 Thank you for the insight. I tried the code you gave but it did not work for me. I have use... if (php_sapi_name() != 'cli') { header('location:http://mysite.com'); exit(); } at the top of the page and it seems to do the job. When I type the file directory in the address bar the code in the file does not run and I am moved to the home page. At the same time using the code above, my cron job works fine. If the code above is not the best way of stopping access from the URL please tell me. Also, how do I grant access to another php file that are including a file that is blocking URL access using the code above? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 15, 2019 Share Posted February 15, 2019 Anything running on the command line can include that file without a problem. Link to comment Share on other sites More sharing options...
westman Posted February 15, 2019 Author Share Posted February 15, 2019 I think I was miss understood. My second question was meant to mean at run time - not using the command line. If my index.php includes www.mysite.com/folder/file.php and file.php has the above code at the top, how do I grant access to index.php? Link to comment Share on other sites More sharing options...
justsomeguy Posted February 15, 2019 Share Posted February 15, 2019 If you want to change the conditions, maybe you can use the information in $_SERVER to help you test what you want to test. Link to comment Share on other sites More sharing options...
westman Posted February 16, 2019 Author Share Posted February 16, 2019 If I have the following code in header.php and index.php is including header.php, will header.php be protected from URL access? if(!isset($_SERVER['HTTP_REFERER'])){ header('location:../index.php'); exit(); } Link to comment Share on other sites More sharing options...
rootKID Posted February 17, 2019 Share Posted February 17, 2019 Hmm hello. I am not sure if this is helpful? Mostly because i dont use CRON jobs (yet). But what about using "defines"? Say in index.php you put in top of the file "define("derp")" and then in the file.php you are including, put: if(defined("derp")) {RUN YOUR CODE IN HERE TO SHOW ON INDEX PAGE!}else{die() "or just send back to index.php with header..."} I am using this, but i am not so sure this will work if you are using CRON jobs since defines dosent really do anything except checking if something is defined, and if so then execute.. it cannot differentiate from URL execution to CRON execution - so this should happen on all executions. Again, not sure if this is helpful at all but i know for sure this is working for me - without the cron jobs. however, if cron jobs are needed, then you should be able to do another thing that might work (i think). You can still use the define method, however, only wrap the define method around the places you wish to show in index.php. So say you got 1 peace of code you wanna execute to index.php and you still have running CRON jobs, and you already know that the CRON job is just executing and not with the defined definer... then in the if statement, put all the things you would like to show on index.php and in the else part, only put the things you would like for the CRON to run. Because the index.php has the defined string, and CRON does not, it should work. In that way you can include the file BUT seperate the 2 actions... again... i think. This was just a quick thinking solution, not sure it actually works, since i am still playing with CRON jobs myself. Test it and come back if it does not work. Good info before doing this, take a backup/copy of the original file if you have a lot of data - to make sure you still have the original - just in case Link to comment Share on other sites More sharing options...
justsomeguy Posted February 18, 2019 Share Posted February 18, 2019 If I have the following code in header.php and index.php is including header.php, will header.php be protected from URL access? No, you're just checking for a referer header. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now