Hey folks, the way I understand it is that cron can be used to execute PHP code by launching the PHP interpreter and passing it the path to the script to be executed.
The code I would like to schedule is in a codeigniter controller/model. So basically the controller contains 3 functions that perform some db stats. Each function will have its own schedule.
How can I secure that controller so that the code doesn't get executed maliciously? Do I pass some creds to the controller as part of the cron job? Or do I take that code and set it up as a separate CI app?
Any thoughts on the matter would be appreciated.
Thanks
You shouldn't create a controller for doing a script. You should just create a normal PHP script, and launch it via command line/cron.
The script shouldn't be in your public web directory, it should be elsewhere (in a script folder for example), not accessible by the public (a script shouldn't be a web page).
Because if you have a script as a controller, that means you launch the script via the HTTP server, which isn't secure, and in your cron task you'd have to use something like wget "localhost/mycontroller/myaction" (less clean).
You could always move the file outside the web directory, so you can only access it from the server side. Another way is to change the permissions on the file, so your server can't read the file, and execute the cron under root (not recommended).
As for creds, you can make the script only run if you pass the correct GET variable. For example, the script only runs when you call:
http://localhost/script.php?chjfbbhjscu4iu793673vhjdvhjdbjvbdh=bugy34gruhw3d78gyfhjbryufgbcgherbciube
I don't think the querystring idea is that bad actually, especially if this URL is being passed along your own network behind a firewall then there's no real cause for concern.
Another security feature you could implement is making sure the "client's" request IP address is equal to the server's IP address, hence the script can only proceed if it is being called from the server that executes the controller action.
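The checks suggested in the answers above (run the job from the command line, accept HTTP calls only from the server's own address, require a secret), combined in one guard. This is an added example, not code from any of the posters; the function name job_invocation_allowed, the X-Cron-Token header and the sample secret are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: decides whether a scheduled job may run in this context.
// $sapi   - PHP_SAPI value ('cli' when cron starts `php /path/job.php`)
// $server - $_SERVER-style array (only consulted for HTTP invocations)
// $secret - shared secret stored outside the web root (constructed below)
function job_invocation_allowed(string $sapi, array $server, string $secret): bool
{
    // Preferred path: cron starts the interpreter directly, no HTTP involved.
    if ($sapi === 'cli') {
        return true;
    }

    // HTTP fallback (cron calls wget/curl against localhost).
    // REMOTE_ADDR is the TCP peer; X-Forwarded-For is client-controlled and
    // must not be used here. Behind a reverse proxy on the same host every
    // request arrives from loopback, so the IP check alone proves nothing.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, ['127.0.0.1', '::1'], true)) {
        return false;
    }

    // The token travels in a header rather than the query string so it does
    // not end up in access logs; hash_equals() compares in constant time.
    $given = $server['HTTP_X_CRON_TOKEN'] ?? '';
    return $secret !== '' && hash_equals($secret, $given);
}

// Constructed sample inputs, not real credentials or addresses.
$secret = 'constructed-sample-secret';
$cases = [
    'cron via CLI'            => ['cli', []],
    'remote HTTP, good token' => ['fpm-fcgi', ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_CRON_TOKEN' => $secret]],
    'loopback, wrong token'   => ['fpm-fcgi', ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_CRON_TOKEN' => 'guess']],
    'loopback, good token'    => ['fpm-fcgi', ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_CRON_TOKEN' => $secret]],
];
foreach ($cases as $label => [$sapi, $server]) {
    $verdict = job_invocation_allowed($sapi, $server, $secret) ? 'run' : 'refuse';
    printf("%-26s %s\n", $label, $verdict);
}
```

In a real job the call would be job_invocation_allowed(PHP_SAPI, $_SERVER, $secret) at the top of the script, exiting before any database work when it returns false.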
Can I run a php script from command line with the following usage:
php http://phpfile.php username password config_file
When I run this it says cannot open input file http://phpfile.php
If there is what would be the best way to execute this within a php script?
Thanks
This is practically not possible. You cannot execute a php script hosted on someone else's server in your cli.
WHY?
Consider this case. Facebook has a PHP script which adds a comment to the database. So what would be the outcome if someone executes this script from a local command line, and goes about adding comments to the database? This would really mess up the systems. Or consider something like a file hosting script. You can very well imagine the outcomes if anyone can delete any file from their own CLI.
Solution!
The file can be executed if:
Either you have the script saved locally and run it
Or make a get or post request to script with required data and make it do stuff.
Summing up
You can execute it only if the owner allows it (via get and post requests)
Refer these
Do a post request using
Guide to making requests
I render a php layout file with some variables, then I mail it to some address. There is no problem when doing this task through the web. I just call some controller->action and everything is ok.
Additionally, I want to send a mail whenever its time is set to be sent. The cronjob will read the timestamp of the email column from the db and send it when its time has come.
But the thing is Yii::$app->mailer->compose('some layout file path here') uses output_buffering internally. It's OK for PHP that runs on the web, but it does not work for PHP that runs on the CLI. output_buffering can't be turned on in PHP CLI. The cronjob uses PHP CLI, not PHP web.
I got stuck, what can I do? Any suggestions? Is it possible to create a controller and run an action of it? I have one solution: run curl with the cronjob and access the action of the controller which runs on the web through the CLI, but it's not the best way I think, as it overloads the web part.
Please give me the best, fast and non-overloading way to do this.
This isn't the best method for doing the task, but how would you run a cronjob of a Zend view?
The view is used to generate a file using an output buffer and then save the file on the server, it runs once a day.
Would it just be a matter of calling the url of action of the controller with curl:
50 23 * * * curl http://pclite.com/statistics/generate
The application required authentication though.
If you are the admin of the server, I would not do it this way.
I would code a PHP page using curl to download and save the file. Since you are coding a PHP file, you are able to simulate the login procedure; you can write the username and password in the PHP file, and make sure the file is saved where you want.
Then I would use Lynx, a text browser, in the cron; it will call this PHP file once a day, so you don't have to record any username or password in the cronjob, and this PHP file does whatever you want to grab.
Since you said that this is not the best method for doing such a task, I won't say it again :D
If the cronjob runs on the same server your webserver is on, you could check the client-ip and skip authentication if they are the same. Because if the "attacker" can send requests from your own server to the application you really have a serious security issue.
So, yes. If you skip authentication when the ip is the same you just need to call the url.
As any other class Zend_View can be instantiated from anywhere and in particular Zend_View can render to a variable. This means that you do not need to call the whole web application if all you want to do is render something.
As stated your other option is to have an entry point to the application and call it to get the return. But if you're just saving some file to the server it could be perceived as a better approach to have the cronjob be a script that does any thing. This way you will also save some load of your web application. The last thing may not be so relevant but what if in the future you want to call this endpoint several times per day for a lot of users or something?
So, you can create a CLI script that includes Zend_View and renders within itself. As always with Zend Framework the implementation choice is left entirely to you.
Not sure if I understood the use/purpose of PHP entirely, but what seems to me that a .php file only executes when it is being called/executed by something before it, could be a html or a php file.
A thought: is it possible that a PHP file is written and it would just be activated on its own, for example over a span of time, so that every week or so it would do something?
Thanks for looking...
You are looking for a cron job. This allows you to save a line of code on your remote server that will execute based on the criteria you set. You can make it execute a variety of files but PHP files are definitely one of the files you can execute in this manner.
As mentioned by nathan, you will be looking for a cron job. This is a server side setting in the server that will call a url at a set interval.
You seem to not really understand how PHP works. PHP scripts are called server-side before sending data to the client. They are run once when the client is accessing the script.
What my page does is:
download an array from different server (first.php)
php script parse values
parsed values are sent with ajax call
on the next (ajax called) page (second.php) there are some mysql queries
if values pass condition, values are written to database
.... So, when I run my first.php.. it loads second.php, everything's fine..
But what I want to know is if it is possible to have it done by cron?
If not, what should I do?
Thanks.
There are certain things you need to understand in this regard.
The first is that PHP can be run as either a web server module or as a standalone executable. When you run it as a web server module, you open it from the browser, all related web technologies (html/css/js) etc get parsed and work in unison.
When you run it from command line using cron like say /usr/bin/php mywebpage.php
then the php executable DOES NOT parse/understand the other web technologies and so your page will fail.
There are two workarounds for this:
1) Rewrite only those web-enabled parts so that the ajax/js stuff gets handled by PHP. Basically the rule of thumb is that if you are running a CLI PHP script, it should contain ONLY core PHP. This is the preferred way. You will need to move the ajax calls to inside the same file and just make it a single execution flow like any regular program.
2) If for some reason you cannot do the above, you can try something like this:
/path/to/browser http://mysite/mywebpage.php. Here what you are doing is running a browser executable and then calling the webpage URL. This way the page is being executed within the browser's environment and it will be able to parse and understand the ajax/js calls.
Yes you can create a cron job in the below way.
1) download an array from different server (first.php)
2) php script parse values in first.php
3) Include the second file, second.php by include_once which executes mysql queries
4) If everything is correct insert them to database.
It sounds like you need a standalone JavaScript shell. There are a number listed at:
https://developer.mozilla.org/en-US/docs/JavaScript/Shells