Undefined var & 404 -> 403

PSM_CRON_ALLOW was undefined. Added defined check.
Changed 404 to 403 message.
Added support for php5.
TimZ99 2018-06-29 19:46:58 +02:00
parent 93b324f178
commit fc84c06813
No known key found for this signature in database
GPG Key ID: 4D8268DC68E8339D
3 changed files with 34 additions and 6 deletions

@ -30,11 +30,20 @@ require_once __DIR__ . '/../src/bootstrap.php';
if(!psm_is_cli()) {
// check if it's an allowed host
$allow = PSM_CRON_ALLOW;
if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
header('HTTP/1.0 404 Not Found');
die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cron/status.cron.php was not found on this server.</p></body></html>');
if(!isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
$_SERVER["HTTP_X_FORWARDED_FOR"] = "";
}
// define won't accept array before php 7.0.0
// check if data is serialized (not needed when using php 7.0.0 and higher)
$data = @unserialize(PSM_CRON_ALLOW);
$allow = $data === false ? PSM_CRON_ALLOW : $data;
if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
header('HTTP/1.0 403 Forbidden');
die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>IP address not allowed. See the <a href="http://docs.phpservermonitor.org/en/latest/install.html#cronjob-over-web">documentation</a> for more info.</p></body></html>');
}
echo "OK";
}
$cron_timeout = PSM_CRON_TIMEOUT;
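Review bot: the allowlist condition `!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)` treats the `X-Forwarded-For` request header as equivalent to the peer address, but that header is supplied by the client, so the result no longer depends on where the request actually comes from. Compare `REMOTE_ADDR` only, or honour the forwarded header only when `REMOTE_ADDR` is a proxy the operator has explicitly configured as trusted. Separately, `@unserialize(PSM_CRON_ALLOW)` receives an array when the constant is defined the PHP 7 way and relies on `@` to hide the resulting type warning; PHP 8 raises a TypeError there, which `@` does not suppress. An explicit `is_array(PSM_CRON_ALLOW)` test before unserializing avoids that, and passing `true` as the third argument of `in_array` keeps the comparison strict.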

@ -122,7 +122,20 @@ If you're work with cPanel you can follow these steps:
- Type `php /home2/<Type here your cPanel username>/public_html/phpservermon/cron/status.cron.php` in the command field
4. Submit
Cronjob over web
----------------
To allow scheduled status updates over the web, the commandline check is extended with a check on allowed IP address(es).
In config.php add following line::
// PHP 7.0.0 and higher
define('PSM_CRON_ALLOW', array("xxx.xxx.xxx.xxx", "yyy.yyy.yyy.yyy", "zzz.zzz.zzz.zzz"));
// lower versions
define('PSM_CRON_ALLOW', serialize(array("xxx.xxx.xxx.xxx", "yyy.yyy.yyy.yyy", "zzz.zzz.zzz.zzz")));
After that, you can hit the url http(s)://"yourmonitor.com"/cron/status.cron.php over the web from your allowed IP.
Troubleshooting
+++++++++++++++
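Review bot: the two `define('PSM_CRON_ALLOW', ...)` calls are shown in one literal block under "add following line", so a reader who pastes the block as-is defines the constant twice and one of the two calls is rejected with a PHP message on every version. Split them into two separately introduced blocks (PHP 7.0.0 and higher, lower versions) and say that exactly one is to be used. The section should also state that the web check matches the `X-Forwarded-For` header as well as the remote address, since that determines who the allowlist really admits, and that requests from addresses not listed get a 403 response.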
@ -130,4 +143,4 @@ Troubleshooting
If you have problems setting up or accessing your monitor and do not know why, enable debug mode to turn on error reporting.
To enable debug mode, add the following line to your config.php file::
define('PSM_DEBUG', true);
define('PSM_DEBUG', true);

@ -58,6 +58,12 @@ if(PSM_DEBUG) {
ini_set('display_errors', 0);
}
// check for a cron allowed ip array
if(!defined('PSM_CRON_ALLOW')) {
//serialize for php version lower than 7.0.0
define('PSM_CRON_ALLOW', serialize(array()));
}
$vendor_autoload = PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
if(!file_exists($vendor_autoload)) {
die('No dependencies found in vendor dir. Did you install the dependencies? Please run "php composer.phar install".');
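Review bot: the fallback in the `!defined('PSM_CRON_ALLOW')` branch always stores a serialized string, while the documentation in this same commit tells PHP 7.0.0+ users to define an array, so the constant has two possible types and every consumer has to guess which one it got. Normalise it once at this point, for example by resolving the array into a variable or helper that callers use, instead of repeating the `unserialize` probe at each call site. The empty array as default is the right choice since it keeps web access to the cron script denied until an operator opts in; a short comment saying so would make that intent explicit.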