How can I ensure a user can not run a PHP script and that it is only ever run as part of a cron job?
You can make it run forever by either setting the value or call set_time_limit in your script (http://php.net/manual/en/function.set-time-limit.php).
The cron reads the crontab (cron tables) for running predefined scripts. By using a specific syntax, you can configure a cron job to schedule scripts or other commands to run automatically.
You can set an environment variable in your crontab. A line like IS_CRON=1
can be placed at the beginning of your crontab, then check in your php program for get_env("IS_CRON") == 1
.
Of course, you should also use file permissions as they're not so easily bypassed. If this is run as part of root's cron, chown root:root yourscript.php
and chown 700 yourscript.php
.
As ircmaxell says, it'd be better to run as a user other than root assuming you don't need root permissions for what you're doing. I was just taking a guess about your setup.
How about having your PHP script check if $_SERVER['REMOTE_ADDR']
is empty, and if it is not, then have the script exit without doing anything further.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With