0

Hi,

I have created cron job that runs a php file once a day. Its working exactly as I want it I am just enquiring where I should save it in my site? Its a wordpress website and while testing it I have it saved in my public_html file. Im new to this so not sure its proper procedure to save it here or not?

Any advice would be really appreciated.

Donna :)

2
Contributors
7
Replies
34
Views
2 Years
Discussion Span
Last Post by donz365
0

Hi!

If you can, place it outside the public_html directory, so it cannot be executed by requesting the file through the web.

Otherwise write this in top of the script:

<?php

    if(php_sapi_name() != 'cli')
    {
        header("HTTP/1.1 403 Forbidden");
        die('Error: 403 Forbidden.');
    }
0

Thanks Cereal, I added the above code and ran the cron job but it returned the Error: 403 Forbidden message rather than running it?

0

Uh, so how is this job executed?

Usually a cron job is listed into a crontab file and executed by the cron daemon running in the server, so it's an internal task. As explained here:

If you're using an external service to run the jobs or your hosting is practicing another method then just remove my code suggestion and leave the script in public_html, unless your hosting configuration does not suggest something different, if still in doubt ask to the support.

2

Would setting the folder and file permission to 711 suffice?

Hmm, no this doesn't solve, because the request will be executed through the TCP/IP stack, so the owner of the process will be the web server or the PHP server (in case of PHP-FPM) and any client through a web request could start the backup procedure.

Usually a cron job should be set like this:

/usr/bin/php /var/www/path/to/testCronJobLIVE.php

Or by setting the shebang in the script to define the executable:

#!/usr/bin/env php

echo 'Hello';

And then simply pointing the script in the crontab interface:

/var/www/path/to/testCronJobLIVE.php

That way you can set the script outside the public_html directory. But if you still want to stick with TCP solution, then you could set an extra header with a string value to match, something like:

<?php

if( ! array_key_exists('HTTP_AUTHORIZATION', $_SERVER) || $_SERVER['HTTP_AUTHORIZATION'] != 'Donna')
{
    header("HTTP/1.1 403 Forbidden");
    die('Error: 403 Forbidden.');
}

# execute your code
print 'hello';
print PHP_EOL;

And at cron job level:

curl --header "Authorization: Donna" http://digitalmediasolutions.ie/course-updates/testCronJobLIVE.php 

I'm not sure lynx can set custom headers as it is a browser. You could use curl as in my example or httpie:

http GET http://digitalmediasolutions.ie/course-updates/testCronJobLIVE.php "Authorization: Donna"

Is this secure? Not really, if the request is intercepted then the header could be read, unless you can send through https.

0

Thanks, I am going to park it for now and get back to it. Think I need to learn a whole lot more before going any further with it.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.