Safely Complete Cron Jobs with Zend Framework

I have seen a lot of posts about cron and ZF, but most solutions leave the work available for launch by the public.

What if you want to configure an action that can only be performed by cron? Not some anonymous user, but not someone who should be logged in?

The solution I'm using is to put the file outside of my web root, since it loads ZF enough to use what I need (for example, I don't need the view) and then delete it from cron. My question is, is this “best practice” for this? What if you need to make the code available over the Internet, but still need to prevent random users from finding and running it?

To illustrate, here is what I do (what works) to do the cron job from the php command line and on the same server, something like this:

* 10 * * * php /Apps/ZF/cronjobs/crontest.php 

Webroot: /Apps/ZF/someproject/

crontest.php:

    <?php
    ini_set('include_path', ini_get('include_path') . ':/Apps/ZF/someproject/library');

    define('APPLICATION_PATH', '/Apps/ZF/someproject/application');
    define('APPLICATION_ENVIRONMENT', 'test');

    // Include the loader (for loading ZF resources)
    require_once 'Zend/Loader.php';

    // Include the model (to access the Sites model in this case)
    require_once(APPLICATION_PATH . '/models/Planets.php');

    Zend_Loader::registerAutoload();

    $configuration = new Zend_Config_Ini(
        APPLICATION_PATH . '/config/config.ini',
        APPLICATION_ENVIRONMENT
    );

    // DB adapter
    $dbAdapter = Zend_Db::factory($configuration->database);

    // DB table setup
    Zend_Db_Table_Abstract::setDefaultAdapter($dbAdapter);

    // Whatever code we want to run...
    $test = new Model_Planets();
    $test->fetchEntries();

    Zend_Debug::dump($test);
    ?>

So, as I said, this works, so I'm not looking for someone to write me a solution ... just curious to make it "better." Besides, what if I needed it to be available over the Internet, but still want it to be available only to cron? How to make it more flexible (because here I hardcode a few paths that I suspect can be made more dynamic)?

I assume that I can make a list of allowed servers and then check that with $_SERVER['REMOTE_ADDR'] ?

What do you all think? Suggestions? I work alone, so I don’t have a colleague to ask for help with this ... So my colleague, in some way.

+7
4 answers

One way is to set an environment variable.

So in your crontab

    SCRIPT_RUN_ENV=cron
    # Whatever your line is
    * * * * * foo.php

Then in the application, just check that:

    if (getenv('SCRIPT_RUN_ENV') != 'cron') {
        echo "Program cannot be run manually\n";
        exit(1);
    }

Now anyone can set their environment variable to this value and successfully launch the cron job, but it should stop trivial (or random) execution ...

But also note that anyone who can edit the environmental variable on the server can already execute it, so there is no real way to protect it from this angle (none of them are automated at least) ... It’s also worth noting that you cannot enter an environment variable through HTTP.

+8

Well, the PHP_SAPI value should be different when running through cron and through a web server.

+4

The best way to protect your php cron job is to put the php file in the non-public_html folder.

For example:

Your page is in /home/myuser/public_html/test.php

Move it to /home/myuser/test.php

and enter the cron job:

 php -q /home/myuser/test.php 

Now the user cannot enter your page from the browser, and only the cron task can use it.

+3
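
The checks suggested in the answers above (the SCRIPT_RUN_ENV marker, the PHP_SAPI value, and keeping the script out of the public folder) combined into one guard for the top of crontest.php. This is an added example, not code from the question or any of the answers; cron_guard_violations() is a hypothetical helper, and the web root path is the one given in the question.

```php
<?php
// Added example: guard for the top of a cron-only script such as crontest.php.
// cron_guard_violations() is a hypothetical helper, not part of Zend Framework.

/** Return the reasons this run does not look like cron; an empty array means all checks passed. */
function cron_guard_violations($sapi, array $server, $runEnv, $scriptPath, $webRoot)
{
    $problems = array();

    // Web SAPIs report names such as apache2handler or fpm-fcgi; only the CLI binary reports "cli".
    if ($sapi !== 'cli') {
        $problems[] = "SAPI is '$sapi', expected 'cli'";
    }

    // A web server sets these for every HTTP request; a cron run has neither.
    foreach (array('REMOTE_ADDR', 'REQUEST_METHOD') as $key) {
        if (isset($server[$key])) {
            $problems[] = "$key is set, so this looks like an HTTP request";
        }
    }

    // Marker exported in the crontab. Any local user can set it too, so it only
    // stops accidental manual runs; it is not an access control.
    if ($runEnv !== 'cron') {
        $problems[] = 'SCRIPT_RUN_ENV is not "cron"';
    }

    // The script must not live under the document root, or the web server could serve it.
    $script = realpath($scriptPath);
    $root   = realpath($webRoot);
    if ($script !== false && $root !== false
        && strpos($script, rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR) === 0) {
        $problems[] = "script is inside the web root $root";
    }

    return $problems;
}

// Web root path taken from the question; adjust for your deployment (assumption).
$problems = cron_guard_violations(
    PHP_SAPI, $_SERVER, getenv('SCRIPT_RUN_ENV'), __FILE__, '/Apps/ZF/someproject'
);
if ($problems) {
    // error_log() works under every SAPI; STDERR is only defined for the CLI.
    error_log("Refusing to run:\n - " . implode("\n - ", $problems));
    exit(1);
}
```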

Not by some anonymous user, but not by someone who needs to log in?

Use an x.509 client certificate.

+1