Hi,

I have created cron job that runs a php file once a day. Its working exactly as I want it I am just enquiring where I should save it in my site? Its a wordpress website and while testing it I have it saved in my public_html file. Im new to this so not sure its proper procedure to save it here or not?

Any advice would be really appreciated.

Donna :)

Hi!

If you can, place it outside the public_html directory, so it cannot be executed by requesting the file through the web.

Otherwise write this in top of the script:

<?php

    if(php_sapi_name() != 'cli')
    {
        header("HTTP/1.1 403 Forbidden");
        die('Error: 403 Forbidden.');
    }

Thanks Cereal, I added the above code and ran the cron job but it returned the Error: 403 Forbidden message rather than running it?

Uh, so how is this job executed?

Usually a cron job is listed into a crontab file and executed by the cron daemon running in the server, so it's an internal task. As explained here:

If you're using an external service to run the jobs or your hosting is practicing another method then just remove my code suggestion and leave the script in public_html, unless your hosting configuration does not suggest something different, if still in doubt ask to the support.

Would setting the folder and file permission to 711 suffice?

Would setting the folder and file permission to 711 suffice?

Hmm, no this doesn't solve, because the request will be executed through the TCP/IP stack, so the owner of the process will be the web server or the PHP server (in case of PHP-FPM) and any client through a web request could start the backup procedure.

Usually a cron job should be set like this:

/usr/bin/php /var/www/path/to/testCronJobLIVE.php

Or by setting the shebang in the script to define the executable:

#!/usr/bin/env php

echo 'Hello';

And then simply pointing the script in the crontab interface:

/var/www/path/to/testCronJobLIVE.php

That way you can set the script outside the public_html directory. But if you still want to stick with TCP solution, then you could set an extra header with a string value to match, something like:

<?php

if( ! array_key_exists('HTTP_AUTHORIZATION', $_SERVER) || $_SERVER['HTTP_AUTHORIZATION'] != 'Donna')
{
    header("HTTP/1.1 403 Forbidden");
    die('Error: 403 Forbidden.');
}

# execute your code
print 'hello';
print PHP_EOL;

And at cron job level:

curl --header "Authorization: Donna" http://digitalmediasolutions.ie/course-updates/testCronJobLIVE.php 

I'm not sure lynx can set custom headers as it is a browser. You could use curl as in my example or httpie:

http GET http://digitalmediasolutions.ie/course-updates/testCronJobLIVE.php "Authorization: Donna"

Is this secure? Not really, if the request is intercepted then the header could be read, unless you can send through https.

Thanks, I am going to park it for now and get back to it. Think I need to learn a whole lot more before going any further with it.