1

I have a crontab php script that resides in one of the folders on abc.tld. The problem is that the script could also be fired by calling it directly (i.e. http://abc.tld/crontab.php) To eliminate such possibility, I assume, I could do something like

if( isset($_SERVER['REQUEST_METHOD']) || isset($_SERVER['REMOTE_ADDR']) )
     die( 'Never gonna happen!' );

But what is the right way? (except .htaccess)

Crontab entry:

0 12 * * 1  /usr/local/bin/php /home/pavellebedev/public_html/abc.tld/wp-content/plugins/easy-timesheet/kernel/cron/ezts_timesheet_notifications.php
Pavel
  • 565
  • 6
  • 19
  • 2
    good god man, disable that file all together, or put it above public root and call with php that way. :) – ATechGuy Sep 25 '17 at 22:16
  • Possible duplicate of [Run a php script only from Cron or check if request from cron?](https://stackoverflow.com/questions/16702472/run-a-php-script-only-from-cron-or-check-if-request-from-cron) – rickdenhaan Sep 25 '17 at 22:19
  • @ATechGuy, no can do. Must be within abc.tld. – Pavel Sep 25 '17 at 22:41

3 Answers3

3
if(php_sapi_name() == 'cli') {
    // Called from command-line, maybe cron
} elseif(php_sapi_name() == 'apache2handler') {
    // Called from the apache2 webserver upon web request
}

Documentation : http://php.net/manual/en/function.php-sapi-name.php

Calimero
  • 4,238
  • 1
  • 23
  • 34
1

As a conclusion of my research extended from Calimero's answer, here's the most reliable way to make sure that the script was called by crontab (php 5.3+):

if( stripos(php_sapi_name(), 'cgi') === false || stripos(php_sapi_name(), 'cli') === false ) die('Not cron');
Pavel
  • 565
  • 6
  • 19
  • Could you by chance post the crontab entry in your question ? Your answer only makes sense if you are running CGI php as CLI (it is possible, although slightly inconvenient), or if the cron job is a curl request to the webserver happening to run CGI php. I discarded those cases too soon, I'd be delighted to update my answer acordingly. – Calimero Sep 26 '17 at 20:14
  • just did, my sapi returns cgi_fcgi – Pavel Sep 26 '17 at 21:48
  • Actually experiment has shown that you right, @Calimero, Php.net must have got it wrong (?) I have edited my answer as calling the script by another non-cron script on server side results in "cgi" – Pavel Sep 27 '17 at 01:12
0

Duplicate How to check if a php script is being called by another script on the server?

The answer :

The $_SERVER["REMOTE_ADDR"] variable that gives you the IP address of the client who made the request should be 127.0.0.1 when the script is called from the server.

Nathanael Demacon
  • 1,169
  • 7
  • 19
  • 1
    wrong. `$_SERVER["REMOTE_ADDR"]` is not set when a php script is run through CLI. – Calimero Sep 25 '17 at 22:30
  • Oh yeah, I was only thinking about the possibility that the php file was intended only for web use, my bad – Nathanael Demacon Sep 25 '17 at 22:33
  • Don't copy/paste answers from other questions. If you find a question that answers this one, this should be marked as a duplicate instead (and if you don't have rep to mark it as a duplicate, just leave a comment about it instead). – M. Eriksson Sep 25 '17 at 22:34
  • Why did someone up vote this? It's wrong since it doesn't answer the question, nor should anyone copy/paste answers from other posts. – M. Eriksson Sep 25 '17 at 22:39