I’ve got a php file located under www.mysite.com/myphpfile.php which needs to be executed at regular intervals.
I would like to use easycron.com how can I prevent the file to be accessed from the browser but still be able to run it with easycron?
“the browser” is really unspecific - any program sending http request to a webserver can be called a browser. so if you want to protect a site from beeing accessed via browser, just shut down the machine or at least the webserver, or block the associated port.
but than your requirement to use external cron jobs makes no sense anymore. in what i see from the trial, you can specify basic auth (which is htaccess password protection) to prevent access via unauthorized browsers.
Hi @droopsnoot thanks for your answer yes I think using http auth is what i need.
I’ve added the following code in my php file and set up HTTP basic auth on easycron but it still gives me error 401
Sorry, I’ve no idea on anything other than one specific server that you’re almost certainly not using. @chorn earlier on mentioned htaccess, does it go in there?
You could just pass a query string variable and check for its existence. Its not the most secure thing but would work for a small site unlikely to be hacked.
if(!isset($_GET['akg']) || $_GET['akg'] !== '34acddb2-2eab-4138-9946-ba0603546d8f') {
exit; // or issue 404 response back to server.
}
The most correct way to do this would be using OAuth. You could also consider adding the api key to the header of the request rather than in the query string.
If you would like to explore the OAuth direction I suggest taking a look at the PHP league package.
Instead of using a script you would need to turn it into an API endpoint fronted by OAuth authorization and also implement OAuth authorization within your application.
Although this requires easycron to support oAuth. I myself have always used background jobs most recently set-up in Jenkins. Never have used easycron except for the browser based cron modules available for some CMSs.