Hi,
I’ve got a php file located under www.mysite.com/myphpfile.php which needs to be executed at regular intervals.
I would like to use easycron.com how can I prevent the file to be accessed from the browser but still be able to run it with easycron?
Many thanks for your help
“the browser” is really unspecific - any program sending http request to a webserver can be called a browser. so if you want to protect a site from beeing accessed via browser, just shut down the machine or at least the webserver, or block the associated port.
but than your requirement to use external cron jobs makes no sense anymore. in what i see from the trial, you can specify basic auth (which is htaccess password protection) to prevent access via unauthorized browsers.
Hi tanks for your help. I can’t find any tutorial on how to use basic auth with easycron. Could you help me?
Many thanks
Is there a reason why you can’t run a cron job on your host server?
That way the script could be in a folder which is inaccessible from the outside.
Does this link help?
Hi @droopsnoot thanks for your answer yes I think using http auth is what i need.
I’ve added the following code in my php file and set up HTTP basic auth on easycron but it still gives me error 401
$valid_passwords = array ("admin" => "admin");
$valid_users = array_keys($valid_passwords);
$user = $_SERVER['PHP_AUTH_USER'];
$pass = $_SERVER['PHP_AUTH_PW'];
$validated = (in_array($user, $valid_users)) && ($pass == $valid_passwords[$user]);
if (!$validated) {
header('WWW-Authenticate: Basic realm="My Realm"');
header('HTTP/1.0 401 Unauthorized');
die ("Not authorized");
}
Do you still need to configure your server to know that the page is within an authenticated realm, and if so, have you done so?
Hi thanks for your answer. No I haven’t 
I don’t really know how to do it, could you point me in the right direction? Many thanks
Sorry, I’ve no idea on anything other than one specific server that you’re almost certainly not using. @chorn earlier on mentioned htaccess, does it go in there?
You could just pass a query string variable and check for its existence. Its not the most secure thing but would work for a small site unlikely to be hacked.
if(!isset($_GET['akg']) || $_GET['akg'] !== '34acddb2-2eab-4138-9946-ba0603546d8f') {
exit; // or issue 404 response back to server.
}
The most correct way to do this would be using OAuth. You could also consider adding the api key to the header of the request rather than in the query string.
If you would like to explore the OAuth direction I suggest taking a look at the PHP league package.
Instead of using a script you would need to turn it into an API endpoint fronted by OAuth authorization and also implement OAuth authorization within your application.
Although this requires easycron to support oAuth. I myself have always used background jobs most recently set-up in Jenkins. Never have used easycron except for the browser based cron modules available for some CMSs.
Thank you guys, i’ve managed to make it work using htaccess and htpasswd
This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.