|
PHP - What Prevents Users From Running Your Cron.php
If I create a page called cron.php with scripts that I want to run once a day, and set up my server to run that once a day, what prevents people other than me or my server, from being able to just type in the link "http://MyWebsite.com/cron.php" and cause my cron page to run? isn't this a security issue?
Similar TutorialsI am running some php via a cron and I was after the best way to achieve this. Currently I am doing it as follows:- Code: [Select] 0 * * * * lynx -dump http://www.domain.com/script.php This works fine but I don't want anybody being able to run the script by pointing their browser to the file. Any advice on the best method? Cheers. I have a script that will export data to excel. After the export, I need the page to reload showing status information, but it does not reload. What could be causing an issue like this? I think that because the export forced the download file dialogue to open, those headers may be preventing the form from reloading properly, but how, why, and what can be done to resolve the issue? Hi All,
My page contains a JS function that enables to print the content of a DIV, and contains also a jQuery Autocomplete textbox that does not belong to that DIV.
Here is the JS for printing the div
function printContent(el){
var restorepage = document.body.innerHTML;
var printcontent=document.getElementById(el).innerHTML;
document.body.innerHTML = printcontent;
window.print();
document.body.innerHTML = restorepage;
}
The HTML attached to it is
<div id="div1">DIV 1 content...
</div> <button onclick="printContent('div1')">Print Content</button>
If the user clicks the button to print the content of the DIV, they cannot afterwards make use of the Autocomplete textbox.
It seems the issue occurs with any kind of jQuery UI, not just autocomplete.
In this case, the HTML of the Autocomplete is
<div class="ui-widget">
<label for="tags">Tags: </label>
<input id="tags" />
</div>
and the script
$(function () {
var availableTags = [
"ActionScript",
"AppleScript",
"Asp",
"BASIC",
"C",
"C++",
"Clojure",
"COBOL",
"ColdFusion",
"Erlang",
"Fortran",
"Groovy",
"Haskell",
"Java",
"JavaScript",
"Lisp",
"Perl"
];
$("#tags").autocomplete({
source: availableTags,
minLength: 0,
delay: 0
});
});
jquery-ui-1.10.3.custom.css, jquery-1.9.1.js and jquery-ui-1.10.3.custom.js are used.
Any idea of how to keep the jQuery UI functional after the div-printing JS function has been used ?
Thanks for your help.
Hello
I am trying to work out how many regular users I have to my site and how long those users tend to be users..
So, I have a table that logs every time a user visits my site and logs in, it stores the date / time as a unix timestamp and it logs their user id.
I started by getting the id's of any user who logs in more than 5 times in a specified period, but now I want to extend that...
SELECT userID as user, count(userID) as logins FROM login_history where timestamp > UNIX_TIMESTAMP('2014-06-01 00:00:00') and timestamp < UNIX_TIMESTAMP('2014-07-01 00:00:00') group by user having logins > 5;
I just discovered that I have a major security flaw with my website. Anyone who logs in to the website can easily access other users information as well as delete and edit other users information just by changing the ID variable in the address bar. I have user ID Session started on these pages but still people can do anything they like with other users information just by editing the address bar. For example if your logged in in the address bar of www.mywebsite.com/delete_mystuff.php?id=5 and change the "5" say to a "9" then you will have access to user#9 information. Every important page that I have has this code: Code: [Select] session_start(); if (!isset($_SESSION['user_id'])) { // Start defining the URL. $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']); // Check for a trailing slash. if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) { $url = substr ($url, 0, -1); // Chop off the slash. } // Add the page. $url .= '/index.php'; ob_end_clean(); // Delete the buffer. header("Location: $url"); exit(); // Quit the script. } else { //Else If Logged In Run The Script if((isset($_GET['id'])) && (is_numeric($_GET['id']))) { $id = (int) $_GET['id']; } elseif ((isset($_POST['id'])) && (is_numeric($_POST['id']))) { $id = (int) $_POST['id']; } else { echo ' No valid ID found, passed in url or form element'; exit(); } What am I doing wrong? Please help if you know how to correct this. Many thanks in advance. I am trying to do two cron jobs: I have a program that is set to do a cron job every 15mins to check for imported list staged in the que. But I keep getting an error message:?? sh: line 1: /home/username/sitename.com/8/crons/processimports.php: Permission denied sh: line 2: : command not found this is what I have: Code: [Select] /usr/local/php5/bin/php -q /home/username/sitename.com/8/crons/processimports.php > /dev/null The second one is a scheduler to send out an email, but I get this error message: sh: line 1: /home/username/sitename.com/8/crons/scheduler.php: Permission denied from this out put: Code: [Select] /usr/local/php5/bin/php -q /home/username/sitename.com/8/crons/scheduler.php > /dev/nullPlease Help?? Thanks, TRUSTINWEB I'm trying to generate a cron job to run the below script, but can't get it to work for the life of me. Code: [Select] #!/usr/local/bin/php -q <?php if($_GET['key']=="a"){ // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name3 WHERE review_show='n'"; $result=mysql_query($sql); $num_results=mysql_num_rows($result); if($num_results > 0){ if($num_results==1){ $message="You have ".$num_results." review unapproved."; } else{ $message="You have ".$num_results." reviews unapproved."; } mail('webmaster@ghosthuntersportal.com','GHP Reviews', $message, 'From: sales@ghosthuntersportal.com'); } $sql2="SELECT * FROM $tbl_name4 WHERE rma_issued='n'"; $result2=mysql_query($sql2); $num_results2=mysql_num_rows($result2); if($num_results2 > 0){ if($num_results2==1){ $message="You have ".$num_results2." RMA Number Requested."; } else{ $message="You have ".$num_results2." RMA Numbers Requested."; } mail('webmaster@ghosthuntersportal.com','GHP RMA Number Requests', $message, 'From: sales@ghosthuntersportal.com'); } echo "Emails Sent."; } ?> Cron Job Command: Code: [Select] php -f /home/zyquo/public_html/ghosthuntersportal.com/cj_run.php?key=a I set the time to run every minute, just to try to get this to work... And in the end I get no emails in my inbox. Is it possible to have a cron job merely by php ? not by OS (like linux cron). I mean having a php code to repeat a process on with a timer (e.g. every 5min). I have some cron jobs that pull xml and some webcam images from their respective source sites (NOAA, DOT) and saved to the local server. This is done to ease the strain on the external sites in the event of a user spike on our website. Now, the code works most of the time, but you can see that I dont have any error handling. Sometimes, one of the webcam images will fail to load, and other times I have seen the weather xml feed fail producing some unaestetic php error codes on the site until a half hour later when the cron job runs again. My questions: -Whats the best way to make it try again if it fails? -Are the set time limit statements necessary? I did it as a keep alive. -I also put the sleep statements there to space things out, since there are 6 webcam scripts that run. Anyway, I would appreciate any suggestions. Thanks -Chris I am trying to set up a Cron Job. When I run it says that it is inserted. However when I enter my database nothing is in there. Does each part column of a cron job need to be correct for it all to work? For example if I have the code for column corrrect but one wrong will it now work at all? I am a bit lost as to why it says inserted but nothing actually goes into my database. I can manually enter information into the database I can echo it. But I cant Cron Job it in there. I am having my internship, and i was asked to automate the uploading of file and store the data to MySQL every 8:00am. i've read a lot of articles about crontab/cronjob/php:cron. but i am wondering what is a cron.php and what codes/scripts in that file. i also want to know what is .BAT for. do you have any steps and scripts for my problem? thanks alot.. Does anyone know how to write the php for a cron job (delete date from a db) this is what I have but it is not doing anything...the cron on my server site runs the code fine but the code does not do anything. Code: [Select] <?php $date = ('Y-m-d'); //Auto delete // Connect to MySQL $connect = mysql_connect("db","username","password") or die("Not connected"); mysql_select_db("name") or die("could not log in"); // Delete entry where date equals today from the "example" MySQL table mysql_query("DELETE FROM boox WHERE date='$date'") or die(mysql_error()); // ?> Ok, I've been trying to figure this out for about 4 hours now. What I am trying to do is update log information from one table to another every 30 minutes. Am I doing this correct? <?php $cron = true; $userinfo = $db->query( "SELECT * FROM users" ); while ( $pulluserinfo = $db->fetch( $userinfo ) ) { $one .= "" . $pulluserinfo['uID'] . ""; //uID is from the users table $two .= "" .$pulluserinfo['Amount=Amount+1000+(TotalAmount*10)']. ""; //Amount & TotalAmount is from the users table $three .= date("F j, Y, g:i a"); //Putting a date $db->query( "INSERT INTO systemlog (`User`,`Amount`,`Time`) VALUES ('$one', '$two', '$three')" ); } $db->close(); ?> I have a file called email_cron.php. I have verified that when I load this page in a browser it works fine. I have it doing some email sending, then sending a master email to a specific email address saying what emails were sent. This is an update script for a website to give them notices every day. Regardless, I tested the script itself out and it works perfectly when ran normally. I had setup a cron for this. I thought the cron was working but it's been 3-4-5 days and they have had no emails. If I go in and test the script manually it works but the cron isn't doing something. I am using 1and1.com for the hosting by the way. So I went back into the SSH and typed "crontab -l" and mine is listed. It is marked as 50 * * * * /kunden/usr/local/bin/php /kunden/homepages/##/#######/htdocs/email_cron.php Replace the # with the id's of my site. Which are the path structure. For some reason this isn't working. It shows this when I listed out so I know it's setup as a cron but for some reason it's not running. Did the code I use to set this up not structured right (the 50 * * * * ) part of it or something? I wanted it to run 1 time per day. Thanks again. Hi guys, Periodically I have a need to execute some local PHP file to clean/update the DB - it takes some parameters. So I use a Cron file, that has WGET statments passing arguments in the URL. The benefit of this is to me is, I can manually via the browser execute the same file. I have been told that using PHP CLI is more efficient, Can anyone shed any light on this? Is it more efficient? Would i be able to manually excecute the PHP CLI file via a browser? Thanks for your thoughts in advance. Hey everyone, So I'm a complete PHP noob and have very basic knowledge of PHP - everything I learn is from tutorials online. I created a website which monitors Stock Exchange data for a particular stock exchange by downloading a CSV file from the Stock Exchange's website containing all the stock data - as this is the only way this particular exchange provides its data to 3rd parties. Now, my PHP system takes this CSV file, reads it and inserts the data into a MySQL database. Then, the function of my site is that users can create alerts for particular stocks that they are watching, and my website will send them an email when the stock price of the stock that they are watching goes above or below a particular value that they specify. Simple! However, since my MySQL database always needs the most recent version of the stock prices, the way I did this in the past was by using Cron every minute to download the file off the exchange's website, and insert the data into my database. I realise that this is quite inefficient, but my main problem is actually that the only way I can do cron every minute is by paying for my own Virtual Dedicated Server as normal shared hosting won't let me run a script that frequently. What I am here to ask is if any of you know an alternative way that I can constantly update the price data in my database i.e. an alternative to cron. I hear that you can run PHP scripts as 'daemons' but I'm not sure how this works nor whether I can do this with normal shared hosting. I cannot afford a Virtual Dedicated server any longer and so need a solution which is compatible with normal, cheap shared hosting. Any help would be much appreciated! This topic has been moved to Other Web Server Software. http://www.phpfreaks.com/forums/index.php?topic=347320.0 Gurus, I have coded for my client a PHP script that performs some extensive data munging on text files he creates. Code is complete and I have now to automate the script. Problem is that it seems to *only* run manually. I won't run as CRON job. This is what I have tried with "#!/usr/bin/php -q" in the header of my script: Code: [Select] 00 1 * * * /usr/bin/php -q /HDDLogs/HDDProcess.php >>/HDDLogs/HDDProcess.log 2>&1 The log file does get created but is empty. I tried removing the -q for quiet mode: no difference. Still did not run. Apache 2.0 and PHP 5.3 is installed on this server. I fully own the directory with my code and the data files are located. Any idea?? Thanks, Al. Hi, I need help please with creating a cron job. I have the following sql commands that need to take place within the cron job. This is all i need to do every couple of hours, thus the reason for a cron job. Code below: DELETE FROM tmpsessionmodule; INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module1 FROM session WHERE ((Module1) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module2 FROM session WHERE ((Module2) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module3 FROM session WHERE ((Module3) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module4 FROM session WHERE ((Module4) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module5 FROM session WHERE ((Module5) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module6 FROM session WHERE ((Module6) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module7 FROM session WHERE ((Module7) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module8 FROM session WHERE ((Module8) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module9 FROM session WHERE ((Module9) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module10 FROM session WHERE ((Module10) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module11 FROM session WHERE ((Module11) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module12 FROM session WHERE ((Module12) <>"" ) Can someone please help me!! Any assistance will be greatly appreciated. Thanks! Hi, I am trying to create a cron job that truncates a database table, then inserts data back into the table, The cron jobs works fine, if i just truncate the table, but does not seem to work if i want to re-insert data back in the table. truncate.php looks as follows: <?php require_once('/usr/www/users/amisea/sosams/db-connecter.php'); $query = "TRUNCATE TABLE tmpsessionmodule; INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module1 FROM session WHERE ((Module1) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module2 FROM session WHERE ((Module2) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module3 FROM session WHERE ((Module3) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module4 FROM session WHERE ((Module4) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module5 FROM session WHERE ((Module5) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module6 FROM session WHERE ((Module6) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module7 FROM session WHERE ((Module7) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module8 FROM session WHERE ((Module8) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module9 FROM session WHERE ((Module9) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module10 FROM session WHERE ((Module10) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module11 FROM session WHERE ((Module11) <>"" ); INSERT INTO tmpsessionmodule (SessionNo, Module) SELECT SessionNo, Module12 FROM session WHERE ((Module12) <>"" );" $result = @mysql_query($query); ?> |
|||||||