How to prevent a controller from running from the web?
#1

[eluser]Sinclair[/eluser]
Hi,

I have one controller that only runs code with PHP CLI; I must deny this controller from running from a web browser.

What is the best way of doing it?

Best Regards,
#2

[eluser]paulc010[/eluser]
If I understand you correctly, then placing an underscore before a method will render it "private", and inaccessible from a browser:

Code:
function _hidden()
{
  // Do something
}
#3

[eluser]WanWizard[/eluser]
Depends a bit on how you intend to call the controller (method) from the commandline. Read up on a few good articles here about cron...
#4

[eluser]mddd[/eluser]
@paulc010: That won't work; the function will not only be hidden from web users but also from a call through the php command line.

@Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php.
#5

[eluser]Tominator[/eluser]
[quote author="mddd" date="1272284903"]@paulc010: That won't work; the function will not only be hidden from web users but also from a call through the php command line.

@Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php.[/quote]

How do you want to run it then?

Code:
private function hello()
{
  echo 'You can call only from my parent class';
}
#6

[eluser]paulc010[/eluser]
@mddd Hmm. Not sure that a naming convention will have any effect on anything other than code written to recognise it. I use the underscore method with Modular Extensions and the following works fine:

Code:
modules::run('controller/_hidden');

Visiting the url /controller/_hidden will give a 404 as the router "hides" the method. By not defining an index function, then the entire controller will return a 404 providing no methods in the class lack the underscore prefix.

Paul
#7

[eluser]mddd[/eluser]
The point here is not about private methods. The point is that the TS wants to run something from the (unix) commandline (maybe through a cron command). But that code must not be callable by someone using the website. So he wants to call something like
Code:
/usr/bin/php /my/ci/folder/crons/my-cron
but other people should not be able to go to
Code:
http://example.com/crons/my-cron

So the solution is to check for php variables that are different in the case of a direct call as opposed to a call from someone through a (browser) client.
Or, another solution could be to insert some secret word in the call. Like
Code:
/usr/bin/php /my/ci/folder/crons/my-cron/mysecretcronpassword
and only allow the code to be executed if that 'password' is in there. But of course, that is not real protection as the script could still be called using
Code:
http://example.com/crons/my-cron/mysecretcronpassword
#8

[eluser]WanWizard[/eluser]
[quote author="mddd" date="1272284903"]@Sinclair: You can check the $_ENV variables. Some of them will have different values when called through the webserver than when the script is called directly from php.[/quote]
What I use is:
Code:
define('CLI_MODE', isset($_SERVER['HTTP_HOST']) ? FALSE : TRUE );
#9

[eluser]mddd[/eluser]
@paulc010:
But from where would you call that module? I agree that the method (or even the whole controller) would not be available directly to a web user.
But the module must be called somehow. If the script which calls the module is open to the public, the module is also open. Or am I missing something in your explanation?
#10

[eluser]WanWizard[/eluser]
I have the define I mentioned earlier in my index.php.

In the cron controller you could add this to the constructor:
Code:
if ( ! CLI_MODE )
{
    show_error('Your error message here!');
}
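An added example, not code from any poster in this thread: the `HTTP_HOST` test above depends on a header the client sends, so a web request that arrives without a Host line is classified as CLI, while `PHP_SAPI` is set by the PHP binary itself. The function names and the sample `$_SERVER` arrays are constructed for illustration.

```php
<?php
// The check from post #8: relies on the absence of a request header.
function cli_by_host(array $server)
{
    return !isset($server['HTTP_HOST']);
}

// Hardened check: the SAPI name comes from the PHP binary that is running,
// not from the request. A cron job started with /usr/bin/php reports "cli".
function cli_by_sapi($sapi = PHP_SAPI)
{
    return $sapi === 'cli';
}

// Hypothetical guard to call first in the cron controller's constructor.
function require_cli()
{
    if (cli_by_sapi()) {
        return;
    }
    header('HTTP/1.1 404 Not Found'); // answer like a missing page
    exit;
}

// Constructed samples: SAPI name plus a subset of $_SERVER for each caller.
$samples = array(
    'cron via php-cli' => array(
        'cli', array('argv' => array('index.php', 'crons', 'my_cron')),
    ),
    'browser request' => array(
        'apache2handler', array('HTTP_HOST' => 'example.com'),
    ),
    'web request, no Host line' => array(
        'apache2handler', array('SERVER_PROTOCOL' => 'HTTP/1.0'),
    ),
);

// Print how each check classifies each caller.
foreach ($samples as $label => $sample) {
    list($sapi, $server) = $sample;
    printf("%-26s host-check=%-5s sapi-check=%s\n",
        $label,
        var_export(cli_by_host($server), true),
        var_export(cli_by_sapi($sapi), true));
}
```

Keeping the cron entry point outside the web server's document root removes the web path entirely, with the SAPI check as a second layer.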



