Home/ Questions/Q 6602755
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T18:54:51+00:00

I have on a server a PHP scrip that updates a DB. I want

  • 0

  1. I have on a server a PHP scrip that updates a DB.

  2. I want to be able to call this script from remote, either from another server or
    my localhost PC using a GET, or from the browser using AJAX,

  3. But I don’t want anyone to be able to call this script unless
    allowed.

So far I simply added into the script a piece of code to verify a certain pin in the GET, i.e.

//myscript.php

if( isset($_GET['pin']) && $_GET['pin'] === '1234' )
{
   //update the DB...

In this way remote caller must know the pin, i.e.

file_get_contents(http://remoteserver.com/myscrip.php?pin=1234); //will work
file_get_contents(http://remoteserver.com/myscrip.php?pin=5678); //will NOT work

This seems so simple that I’m wondering if it’s secure.

What are other possible more secure alternatives (maybe not too more complicated)?

For instance, I read about using an hash that changes over time, but is it worth it, how could it be done?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    you could password protect the folder (can be done easy if you are using cpanel or plesk) and use curl to access that url.

    $ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
$output = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);
    • 0