堆栈内存溢出
  简体   繁体   English

PHP代码,用于停止从浏览器运行脚本

[英]PHP Code to stop a script to run from browser

 原文  2012-01-17 12:00:00       php/ browser/ cron

问题描述

Envoirnment : Linux, PHP Envoirnment:Linux,PHP

Scenario : I have written a script which will be set as a cron. 场景:我编写了一个将被设置为cron的脚本。 Now the case is that I want the script to run only through cron and not through any browser (any web browser including mobile browsers). 现在的情况是我希望脚本只能通过cron而不是通过任何浏览器(包括移动浏览器的任何网络浏览器)运行。 So I am looking for a function something like browserValidate. 所以我正在寻找像browserValidate这样的函数。

The script is written in MVC framework and will be run as 该脚本是用MVC框架编写的,将作为 

/usr/bin/GET http://xyz.com/abc/pqr

Please help me with this. 请帮我解决一下这个。

Thanks in advance. 提前致谢。

5 个解决方案

解决方案1
 8  2012-01-17 12:04:56

As @Mob said, the sure fire way to achieve this is to put the script in a place where it cannot be accessed through the web server. 正如@Mob所说,实现这一目标的确定方法是将脚本放在无法通过Web服务器访问的位置。 If this is not possible or you don't want to do it for some reason, you need to detect whether the script was called via a web server or through the command line. 如果无法做到这一点,或者由于某种原因您不想这样做,则需要检测脚本是通过Web服务器还是通过命令行调用的。

My favourite approach for this (there are many) is: 我最喜欢的方法(有很多)是: 

$isRunningFromBrowser = !isset($GLOBALS['argv']);

This means that if $isRunningFromBrowser is true, you just exit/return an error message/whatever. 这意味着如果$isRunningFromBrowser为true,则只需退出/返回错误消息/等等。

解决方案2
 6  2012-01-17 12:03:48

When executing the script from within crontab, you could use the $_SERVER superglobal to either check for Apache generated entries ( HTTP_* ) or - since $_SERVER reflects the executing binary's environment - define a certain environment variable prior to execution: 从crontab中执行脚本时,您可以使用$_SERVER超全局来检查Apache生成的条目( HTTP_* )或 - 因为$_SERVER反映了执行二进制文件的环境 - 在执行之前定义某个环境变量: 

# in the crontab
FOOVAR=1 /usr/bin/php5 script.php

Then, in script.php, check for FOOVAR existence: 然后,在script.php中,检查FOOVAR是否存在: 

if (!isset($_SERVER['FOOVAR']))
   die('No browser access.');

If your cronjob is being executed with wget and the client IP is the server's, you could add this to an .htaccess file: 如果使用wget执行cronjob并且客户端IP是服务器,则可以将其添加到.htaccess文件中: 

SetEnvIf Remote_Addr "192.168.0.1" FOOVAR=1

This will set FOOVAR only if the client's IP address is "192.168.0.1". 仅当客户端的IP地址为“192.168.0.1”时,才会设置FOOVAR

解决方案3
 1  2012-01-17 12:17:42

I've edited this to explain better: 我编辑了这个以便更好地解释:

Since you're using /usr/bin/GET to fetch a page via HTTP I'm assuming that you have two separate servers: First, one that PHP script is on and where you can't run cron scripts. 由于你使用/ usr / bin / GET通过HTTP获取页面我假设你有两个独立的服务器:首先,一个是PHP脚本,你不能运行cron脚本。 Second, one where you are running the /usr/bin/GET fetch in cron as a workaround for that. 其次,你在cron中运行/ usr / bin / GET fetch作为解决方法。

A simple way might be to simply post a unique identifier in the url and check in the script like: 一种简单的方法可能是简单地在URL中发布唯一标识符并检查脚本,如: 

/usr/bin/GET http://xyz.com/abc/pqr/SomeUniqueIdentifier

Another way could be to use the -H option with /usr/bin/GET to set the User-Agent header to something unique like: 另一种方法是使用-H选项和/ usr / bin / GET将User-Agent标头设置为唯一的类似:

/usr/bin/GET -H "User-Agent: SomeUniqueIdentifier" http://xyz.com/abc/pqr / usr / bin / GET -H“User-Agent:SomeUniqueIdentifier” http://xyz.com/abc/pqr

The PHP script would then check the user agent string for this unique identifier like: 然后,PHP脚本将检查用户代理字符串中是否有这个唯一标识符,如: 

if (strcmp($_SERVER['HTTP_USER_AGENT'], "SomeUniqueIdentifier") == 0)
{
   // do whatever
}
else
{
   // do nothing
   exit();
}

Neither way is 100% secure but can help out. 这两种方式都不是100%安全但可以提供帮助。

解决方案4
 1  2012-01-17 12:19:01

One quick way is to check the request ip address and only run if it is the local host ip. 一种快速方法是检查请求IP地址,只有当它是本地主机ip时才运行。

Of course, you need to add some more code later (check user agent, referer etc..) to make sure that even a browser locally does not trigger the script. 当然,您需要稍后添加更多代码(检查用户代理,引用等等)以确保即使是本地浏览器也不会触发脚本。

解决方案5
 0  2012-01-17 12:15:05

Move the script outside of the web directory and execute it on the command line. 将脚本移到Web目录之外,然后在命令行上执行它。 Parse the arguments to the script for the appropriate GET and POST variable population. 将参数解析为适当的GET和POST变量填充的脚本。

see http://www.php.net/manual/en/features.commandline.php#94912 http://www.php.net/manual/en/features.commandline.php#94912

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 需要从浏览器运行一个很长的PHP脚本 - Need to run a long php script from a browser 如何阻止php脚本将错误附加到浏览器? - How to stop php script from appending error to the browser? php脚本不会运行,只会在浏览器的页面后面显示代码 - php script wont run just displays code behind page in browser Puppet:如何在浏览器窗口中停止PHP代码打印 - Puppet : How to stop from PHP code printing in browser window 无法从PHP代码运行Shell脚本 - Unable to run shell script from php code 从网站(php)运行时如何停止python脚本 - How to stop python script when run it from Website (php) 在浏览器中使用 PHP 脚本运行 composer - Run composer with a PHP script in browser 如果从控制台或浏览器请求运行脚本,如何检查PHP? - How to check with PHP if the script is being run from the console or browser request? 从MS DOS运行脚本PHP,而无需打开任何浏览器 - run a script PHP from MS DOS without opening any browser 无法从PHP运行Python脚本并将打印输出到浏览器 - Unable to run Python Script from PHP and print output to browser
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM