How to prevent a controller to run from web? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23) +--- Thread: How to prevent a controller to run from web? (/showthread.php?tid=29891) Pages:
1
2
|
How to prevent a controller to run from web? - El Forum - 04-25-2010 [eluser]Sinclair[/eluser] Hi, I have one controller that only runs code with PHP CLI, I must deny this controller from runing from a web browser. What is the best way of doing it? Best Regards, How to prevent a controller to run from web? - El Forum - 04-25-2010 [eluser]paulc010[/eluser] If I understand you correctly, then placing an underscore before a method will render it "private", and inaccessible from a browser: Code: function _hidden() How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]WanWizard[/eluser] Depends a bit on how you intend to call the controller (method) from the commandline. Read up on a few good articles here about cron... How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]mddd[/eluser] @paulc010: That won't work; the function will not only be hidden from web users but also from a call through the php command line. @Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php. How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]Tominator[/eluser] [quote author="mddd" date="1272284903"]@paulc010: That won't work; the function will not only be hidden from web users but also from a call through the php command line. @Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php.[/quote] How you want to run it then? Code: private function hello() How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]paulc010[/eluser] @mddd Hmm. Not sure that a naming convention will have any effect on anything other than code written to recognise it. I use the underscore method with Modular Extensions and the following works fine: Code: modules::run('controller/_hidden'); Visiting the url /controller/_hidden will give a 404 as the router "hides" the method. By not defining an index function, then the entire controller will return a 404 providing no methods in the class lack the underscore prefix. Paul How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]mddd[/eluser] The point here is not about private methods. The point is that the TS wants to run something from the (unix) commandline (maybe through a cron command). But that code must not be callable by someone using the website. So he wants to call something like Code: usr/bin/php /my/ci/folder/crons/my-cron Code: htttp://example.com/crons/my-cron So the solution is to check for php variables that are different in the case of a direct call as opposed to a call from someone through a (browser) client. Or, another solution could be to insert some secret word in the call. Like Code: usr/bin/php /my/ci/folder/crons/my-cron/mysecretcronpassword Code: htttp://example.com/crons/my-cron/mysecretcronpassword How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]WanWizard[/eluser] [quote author="mddd" date="1272284903"]@Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php.[/quote] What I use is: Code: define('CLI_MODE', isset($_SERVER['HTTP_HOST']) ? FALSE : TRUE ); How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]mddd[/eluser] @paulc010: But where from would you call that module? I agree that the method (or even the whole controller) would not be available directly to a web user. But the module must be called somehow. If the script which calls the module is open to the public, the module is also open. Or am I missing something in your explanation? How to prevent a controller to run from web? - El Forum - 04-26-2010 [eluser]WanWizard[/eluser] I have the define I mentioned earlier in my index.php. In the cron controller you could add this to the constructor: Code: if ( ! CLI_MODE ) |