[RESOLVED] CRON: PHP Page

Printable View

Mar 15th, 2012, 09:30 PM
chris.cavage

[RESOLVED] CRON: PHP Page

I created a CRON job that runs a .php page every day.

The php page queries a mysql db to find all appointments from yesterday and then sends them a thank you email.

It works just fine.

I was wondering, since I have this page on my server, how can I protect the page so people don't find the page and open it, thus running the code and possibly resending emails to the same people over and over again?

Also, can this happen if a bot visits the php page?

As I type, I am wondering if I should move it outside the public part of my server. I guess that would stop nosey people from running the script, but are web crawlers an issue yet?
Mar 15th, 2012, 10:24 PM
SambaNeko

Re: CRON: PHP Page

Quote:

As I type, I am wondering if I should move it outside the public part of my server.

Exactly. Crawlers can't get to it there either.
Mar 15th, 2012, 10:27 PM
chris.cavage

Re: CRON: PHP Page

I didn't know that. Thanks. I'll make the changes.
Mar 16th, 2012, 05:03 PM
PBertie

Re: [RESOLVED] CRON: PHP Page

Also if for some reason you needed it publicly accessing, for example if passing a particular parameter in showed debug info, then just giving it a random name would be fine. If no pages link to it the crawlers wont know to try that address. So calling it cron_1234567.php would mean you can get to it if you need but no-one else should guess it.

If there's no reason you'd need to run it apart from the cronjob then putting it in a private location is the better option.
Mar 16th, 2012, 05:06 PM
chris.cavage

Re: [RESOLVED] CRON: PHP Page

Even though no one else should guess it, could someone find the file in my public directory anyway and open the page, thus running the query?

I didn't know crawlers won't go to it if it isn't linked. Thanks.
Mar 16th, 2012, 06:40 PM
PBertie

Re: [RESOLVED] CRON: PHP Page

Crawlers work by analysing the page for links and adding them to its list of pages to visit. You can specify noindex/nofollow as instructions to crawlers (e.g. robots.txt) but you can't rely on them obeying those instructions.

As far as a page goes that isn't linked anywhere they dont have anyway to find out about it.
Bare in mind that if directory indexing is turned on then when you visit a folder and there isn't an index file (usually index.htm, index.php, etc.) it will generate a list of all the files in that folder. So in that case it will be linked to so will be visible to the crawler.

Similarly if a page contains links to this hidden file but you need to be logged in for the links to appear your file would also be safe because the crawler would be seeing the none logged in version of the page with the link.
Mar 16th, 2012, 09:03 PM
chris.cavage

Re: [RESOLVED] CRON: PHP Page

I see!

How do you turn off directory indexing so a list of all the files in a folder will not appear? I like that idea. Any downside to that? I think I could definitely do that instead.
Mar 16th, 2012, 09:58 PM
chris.cavage

Re: [RESOLVED] CRON: PHP Page

Ok, I adjusted the .htaccess file to disable it.