Home/ Questions/Q 6806707
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T19:44:37+00:00

I would need to create a php file that will do some work on

  • 0

I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet.
Suppose the php file that will do the work is located at http://www.example.com/work.php

What is the best way to protect unsollicited calls to the http://www.example.com/work.php?

What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type http://www.example.com/work.php in their browser, access will be denied and no work will be done.

The way I’ve thought is to add some ‘token’ in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url :

?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey

and the key and token would be validated with a reverse algorithm on the php side.

Is that safe,
Are there any better idea?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can try several thinks !

    First try to allow access only from the server that will make the call to your work.php with .htaccess like that:

    <FilesMatch "work\.php$">
    Order deny,allow
    Deny from all
    Allow from 111.111.111.111
</FilesMatch>

    where 111.111.111.111 is the IP of the server that will call the script.

    Another thing you can do is to create a kind of password and send it to the work.php in order to allow the access only to users with password.

    In example.

    The server that call the script:

    $hash = md5('my_secret_key' + date('dFYaG'));

// You can also use any other method you like to call the other script
// such us cURL, sockets and so on.
$f = fopen('http://www.myothersite.com/work.php?skr=' . $hash, 'r');
fclose($f);

    and the server that hosts the work.php

    $hash = md5('my_secret_key' + date('dFYaG'));

if($hash != $_GET['skr'])
{
    die('You do not have permission to access that file...');
}

// Rest of your code goes here
    • 0