I realize there are similar posts to this out there, but rest assured, this isn’t a duplicate post!
I have a site on a GoDaddy server. I DO NOT have access to the outside of the root of my server (everything is public).
I have a file delete.php that needs to run on CRON, and only by CRON. The file should not execute manually at all by anyone for any reason.
Given the above, I am trying to secure my file as much as possible, so let’s make this an experiment in security.
So far, I have the following with the goal of making the file as secure as possible:
<?php
$isCLI = ( php_sapi_name() == 'cli' );
if (!$isCLI) {
    die("cannot run!");
} else {
    if (!isset($_SERVER['REQUEST_METHOD'])) {
        // Do the task here
    } else {
        die("cannot run!");
    }
}
?>
So, is this logically secure? How can it be made even more secure? GoDaddy can only allow me to set a date/time to run a file, nothing more.
Checking for the cli SAPI is sufficient; a user executing it via Apache (be it mod_php or fastcgi or cgi) will never cause PHP to be called through the CLI sapi. You can get rid of the ugly else {} around your real code though; if you exit; at the end of the then block there is no need for an else block.
However, not putting that kind of script in the document root at all would be much cleaner. If that’s not possible, also consider using .htaccess:
If the files are in a folder which shouldn’t be locked down completely, wrap those lines in <Files whatever.php>...</Files>
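The guard restructured along the lines the answer suggests, as an added example that is not code from the question or the answer: one early-exit check with no else block, which also returns 403 and logs refused web requests so that probing shows up in the error log. It assumes PHP 7 or later; invoked_from_cli() and run_cleanup() are hypothetical names, and run_cleanup() stands in for the real task.

```php
<?php
// Added example: cron-only guard for a script that has to live in the document root.

/**
 * True only when PHP was started through the CLI SAPI and the environment
 * carries none of the variables a web SAPI sets for a request.
 */
function invoked_from_cli(string $sapi, array $server): bool
{
    if ($sapi !== 'cli') {
        return false; // mod_php, FastCGI and CGI report other SAPI names
    }
    // Second check kept from the question, extended to the client address.
    foreach (['REQUEST_METHOD', 'REMOTE_ADDR'] as $key) {
        if (isset($server[$key])) {
            return false;
        }
    }
    return true;
}

function run_cleanup(): void
{
    // Hypothetical placeholder for the work delete.php performs.
    echo "cleanup done\n";
}

if (!invoked_from_cli(PHP_SAPI, $_SERVER)) {
    // Record the attempt for later review, then refuse without describing the task.
    error_log(sprintf(
        'delete.php refused: sapi=%s remote=%s',
        PHP_SAPI,
        $_SERVER['REMOTE_ADDR'] ?? '-'
    ));
    http_response_code(403);
    exit('cannot run!');
}

// Only a CLI invocation reaches this point, so no else block is needed.
run_cleanup();
```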