Ensure php script only run by cron

I have created a script that runs monthly as a cron job. The command given me by my host is
TERM=“xterm”; /usr/bin/lynx -dump http://www.domain.com/job.php

I would like to set an environment variable that I can test within my script to help ensure it is not run from a browser. Can anyone tell me how to set an environment variable please? I tried
TERM=“xterm”; ISCRON=1; /usr/bin/lynx -dump http://www.domain.com/job.php
without success. Thanks

before your command in crontab, add . $HOME/.profile or $HOME/.bash_profile.
If that doesn’t work, I think there are other workarounds, but not too familiar with them

Thanks! Just to be clear, is that

. $HOME/.profile TERM="xterm"; ISCRON=1; /usr/bin/lynx -dump http://www.domain.com/job.php

I’m not sure if I’ve missed a ; or if it’s in the right order…


Sorry, should have been more clear! No, it goes right before the path to the file, e.g.,

* * * * * . $HOME/.profile; /path/to/command

Depending on your system, you may have to do $HOME/.bash_profile instead of $HOME/.profile.

But just a heads up, although I’m no server admin, I do know that usually what they do is set all of the required environmental variables in a script that is to be run from a cron job. This method above should work, but it’s considered bad practice. I say get it working first, then worry about good or bad practice :smiley:

Cool. Thanks. I’ll give it a go…

Assuming the script is on the same server (you’re not calling an external script with cron – if you even can) just put the script in a non-web accessible folder in your account and call the script locally. Then you don’t need to check anything in the script as it won’t be able to be called from the web.

For example, say your public_html folder is at:


Just place job.php at:


Then modify your cron path to something like:

TERM="xterm"; /usr/bin/lynx -dump /home/your_user/job.php


When you’re running a script VIA command line (like cron does) it doesn’t need to be accessible from the web unless you want it to.

Thanks Keith. It is on the same server. I have several domains on one account. That sounds like it’s worth a try. Cheers

In case anyone else is interested, I have been given another option by my host.

Change the permissions of the file that has to be executed to 700 which will result as 403 when loading it via browser. Then use the following cron command:

/usr/bin/php /home/www/domain.com/job.php

Thanks for sharing! I like that trick!

Keep in mind not all servers will work that way. That is telling the server that only your user has access to that file. On many servers PHP doesn’t run under your username, but under ‘nobody’, ‘apache’, ‘php’, ‘httpd’, or some other user. If you’re unsure whether or not that will work on your server setup, try changing the permissions and going to that script with your browser. Any error other than a 403 (like a 500 or something else) means it won’t work for you.

I personally prefer moving any cron scripts out of the web folder. There’s no reason it needs to be there if a user does’t need to load it with their browser and only presents more possible security issues. I also move files like the credentials to my database, or any other sensitive files. A user doesn’t need access to a file for PHP to have access.

Thanks Keith. I’m trying all (both) ways at present. I had to make a couple of changes to my scripts to enable them to run under cron so I seem to be taking two steps forward, one step back all day!