[ PHP ] how to remove the direct access restriction

Hello,

I'm no PHP expert, but I hope that together with you I'll manage to solve this problem.

So, I have a cron PHP file located in my-site.com/folder. Now, for cron to be able to scan it, I have to allow direct access to that file (when I open it in a browser it prints "direktan pristup zabranjen", i.e. "direct access forbidden").

  • Here is the code:

    <?php if(!isset($access_security) || $current_ip != $_SERVER['SERVER_ADDR']){die("direktan pristup zabranjen");}
  • The rest of the code from that cron PHP file:

$server_query = mysql_query("SELECT id,ip,port,game FROM serverinfo WHERE UNIX_TIMESTAMP()-last_update>180 ORDER BY rank_pts DESC");
while($server_row = mysql_fetch_assoc($server_query)){
$server_id = $server_row['id'];
$server_ip = $server_row['ip'];
$server_port = $server_row['port'];
$server_game = $server_row['game'];

require_once("gameq.php");
$servers = array('server_'.$server_id => array($server_game, $server_ip, $server_port));
$gq = new GameQ();
$gq->addServers($servers);
$gq->setOption('timeout', 200);
$gq->setFilter('normalise');
$gq->setFilter('sortplayers');
$data = $gq->requestData();


if($data['server_'.$server_id]['gq_online'] == "1"){
	$hostname			= mysql_real_escape_string($data['server_'.$server_id]['gq_hostname']);
	$mapname			= mysql_real_escape_string($data['server_'.$server_id]['gq_mapname']);
	$num_players		= mysql_real_escape_string($data['server_'.$server_id]['gq_numplayers']);
	$max_players		= mysql_real_escape_string($data['server_'.$server_id]['gq_maxplayers']);
	$password			= mysql_real_escape_string($data['server_'.$server_id]['gq_password']);
	$players			= $data['server_'.$server_id]['players'];
	
	$update_query		= mysql_query("UPDATE serverinfo SET online='1', hostname='$hostname', mapname='$mapname', num_players='$num_players', max_players='$max_players', password='$password', last_update='$timestamp' WHERE id='$server_id'");
	$del_player_query	= mysql_query("DELETE FROM players WHERE sid='$server_id'");
	foreach ($players as $player) {
		$player_nickname		= mysql_real_escape_string($player['gq_name']);
		$player_score			= mysql_real_escape_string($player['gq_score']);
		$player_time			= mysql_real_escape_string($player['time']);
		$player_nickname		= (!empty($player_nickname)) ? $player_nickname : 'anonymous';
		if(!is_numeric($player_time)){$player_time = '/';}
		$insert_player_query	= mysql_query("INSERT INTO players (id,nickname,score,time_online,mapname,sid) VALUES ('','$player_nickname','$player_score','$player_time','$mapname','$server_id')");
	}
} else {
	$update_query		= mysql_query("UPDATE serverinfo SET online='0' WHERE id='$server_id'");
}

}

That is exactly the part that is blocking you: the part $current_ip != $SERVER['SERVERADDR'] says that if the current IP address ($current_ip is populated somewhere else) is not the server's IP address, access must not be allowed. Try removing it, i.e. "|| $current_ip != $SERVER['SERVERADDR']"

It is written $_SERVER['SERVER_ADDR'], not $SERVER['SERVERADDR']; that is why it throws "direktan pristup zabranjen"…

Shimi, my mistake while typing; what is written is $SERVER['SERVERADDR']

lakotuts, I deleted || $current_ip != $SERVER['SERVERADDR'] and it no longer says "direktan pristup zabranjen", but cron still does not scan.
A long time ago I read somewhere that I need to allow direct access for cron to scan, but it looks like that is not the cause.

Wait, the whole point is that direct access to that file should not be allowed if you are an HTTP client…
Your best option is to move that file out of public_html or to deny access in .htaccess

<Files "cron.php">
  Order deny,allow
  Allow from name.of.this.machine
  Allow from another.authorized.name.net
  Allow from 127.0.0.1
  Deny from all
</Files>

You can also use the php_sapi function, which will show you where the script is being accessed from and, depending on that, allow or deny access to the file…

Put it at the beginning of the cron.php file:

if (PHP_SAPI !== 'cli') {
    exit;
}
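
Added example, not part of any post in this thread: one guard that combines the PHP_SAPI check above with the loopback/server-address allowlist from the .htaccess snippet, for the case where cron fetches the script over HTTP from the same machine. The function name `cron_access_allowed`, the `$extraAllowed` parameter and the sample addresses are constructed for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example: decide whether the current invocation may run the cron job.
// cron_access_allowed() and $extraAllowed are hypothetical names.
function cron_access_allowed(string $sapi, array $server, array $extraAllowed = []): bool
{
    // Started by the system cron as "php cron.php": there is no HTTP client.
    if ($sapi === 'cli') {
        return true;
    }

    // HTTP request: compare the TCP peer address (REMOTE_ADDR), never a
    // client-supplied header such as X-Forwarded-For.
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) {
        return false; // missing or malformed address: deny
    }

    // Same idea as the .htaccess allowlist: loopback plus this server's address.
    $allowed = array_merge(['127.0.0.1', '::1'], $extraAllowed);
    if (!empty($server['SERVER_ADDR'])) {
        $allowed[] = $server['SERVER_ADDR'];
    }
    return in_array($remote, $allowed, true);
}

// Constructed sample invocations (documentation-range addresses).
$samples = [
    'cli run'         => ['cli', []],
    'local wget'      => ['apache2handler', ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_ADDR' => '203.0.113.10']],
    'same-host fetch' => ['fpm-fcgi', ['REMOTE_ADDR' => '203.0.113.10', 'SERVER_ADDR' => '203.0.113.10']],
    'outside browser' => ['fpm-fcgi', ['REMOTE_ADDR' => '198.51.100.7', 'SERVER_ADDR' => '203.0.113.10',
                                       'HTTP_X_FORWARDED_FOR' => '127.0.0.1']],
    'missing address' => ['fpm-fcgi', []],
];
foreach ($samples as $label => [$sapi, $server]) {
    printf("%-16s %s\n", $label, cron_access_allowed($sapi, $server) ? 'allow' : 'deny');
}

// At the top of cron.php the guard would read:
// if (!cron_access_allowed(PHP_SAPI, $_SERVER)) {
//     http_response_code(403);
//     exit('direktan pristup zabranjen');
// }
```

If the site sits behind a reverse proxy on the same host, REMOTE_ADDR is the proxy's address and this check would pass for every visitor; in that setup run the job through the CLI only.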