1

I have a PHP script on my server, this PHP script gets specified emails from my mySQL database, it then pulls a whole bunch of data from the database which it uses to compose an email which it sends to each email address it pulled from the database.

In order to run this script once a day I have set up a cron job on my server which does so.

When I receive an email sent from this script, in the source of the email, it has the following line: X-PHP-Script: (exact address to PHP script)

My concern is that anyone, at anytime can go to that address and run this script over and over again, not only will it make everyone on the email list very irritated, but it will also clog up my server.

I would like to know if there is anything I can do, to disable someone from being able to run this script themselves, or if there is a better way I should be doing this which would also solve my problem.

Thank you in advance :)

YSK .CO
  • 164
  • 1
  • 14
  • 1
    make the unaccessible from outside of the server. Or add some kind of authentication to the script – Pinoniq Jul 26 '14 at 14:57
  • the answer depends on your webserver. generally, there is no need to make the script accessible in the document root, since a cronjob may access the script anywhere you'd like. – worenga Jul 26 '14 at 15:00
  • Or check/make sure that it's only [running under CLI](http://stackoverflow.com/a/343569/451969). – Jared Farrish Jul 26 '14 at 15:00
  • Allthough I figured that there are "CronJob Services" that make HTTP requests to a given URL, if the provider does not allow the creation of cronjobs, maybe the OP needs this. – worenga Jul 26 '14 at 15:04
  • @mightyuhu I have thought about that, however how do I point to the document root when I start the address in the cron command with http://... Excuse me as I am no expert with cron. – YSK .CO Jul 26 '14 at 15:04
  • please provide your crontab entry. – worenga Jul 26 '14 at 15:06
  • In addition to what you're asking, you should really also make the script robust enough so that it won't run too often — store the "date last run" info, or something similar. – Joel L Jul 27 '14 at 12:18

1 Answers1

1

You can place the PHP script outside the public website (for example, in Plesk, the public url starts in httpdocs, so you can place directly in a folder before this one).

Ilgorak
  • 26
  • 1