Protecting PHP script file for bulk email

Question

Hope you can help me out with this one. I have a newsletter that I update and email it to customers on a monthly basis. This email is integrated in a bulk mail php script. The script queries an SQL database to get the email addresses.

What I am concerned about is that anyone can access this script and execute it. For example by visiting this page: www.domain.com.au/newsletter/bulk_email.php

How do I protect this script so only I can access/execute it and not the public? Is there password protection, or what is the best method?

Thanks,

D

Answer 1

add this in the top of your script.

if (!isset($_SERVER['PHP_AUTH_USER']) || $_SERVER['PHP_AUTH_USER'] != 'YOUR_USER_NAME' || $_SERVER['PHP_AUTH_PW'] != 'YOUR_PASSWORD') {
  header('WWW-Authenticate: Basic realm="TEST"');
  header('HTTP/1.0 401 Unauthorized');
  echo 'Not authorized';
  exit;
}

echo 'Continue script';

Answer 2

There are two ways for protection of php file from direct access:

Way 1

Add the file in .htaccess with the rule to deny from all. But this rule can create sometime stop you also from doing certain things.

Way 2

Create a simple form with username and password with post option and when the username and password is entered then it will redirect to you bulk email script and match the username and password and if it matches then execute the command else not.

Answer 3

You read up this tutorial here:

http://www.kavoir.com/2009/01/htaccess-deny-from-all-restrict-directory-access.html

order deny, allow
deny from all