How do I prevent access to a php script if not called with a comandline application like curl
How do I prevent access to a php script if not called with a comandline application 开发者_如何学运维like curl? I'm working on a web application and it uses a cron script to run it's services. I'm using codeigniter so I have to use a url not a file path.
While not a direct answer, I think this CodeIgniter Library would solve the underlying problem:
CodeIgniter CLI Library
I believe that's the library used in a CI project I was brought in on. It works well. From the command line just:
php cli.php controller action urlseg1 urlseg2 ...
Use HTTP authentication.
You can recognize curl by User-Agent HTTP header, but it is not safe - anybody can use such header (or use curl) to access your scripts.
(edit) You can also use IP address of the request. Curl requests from cron will probably have 127.0.0.1; it should be not possible for anyone to make requests from this address (unless your website runs behind reverse proxy running on the same server). This is not 100% safe (for example on shared webhosting), but it might be safe enough.
BTW. why not run PHP script directly from CRON? Then it does not have to be web-accessible at all.
This probably isn't the best solution, but you can implement it in seconds.
Use cURL POST and pass in a password as one of the POST variables. Check if the password is correct with your script wrapper and only execute the file if so.
精彩评论