Undefined var & 404 -> 403

PSM_CRON_ALLOW was undefined. Added defined check.
Changed 404 to 403 message.
Added support for php5.
TimZ99 2018-06-29 19:46:58 +02:00
parent 93b324f178
commit fc84c06813
No known key found for this signature in database
GPG Key ID: 4D8268DC68E8339D
3 changed files with 34 additions and 6 deletions

@ -30,11 +30,20 @@ require_once __DIR__ . '/../src/bootstrap.php';
if(!psm_is_cli()) {
// check if it's an allowed host
$allow = PSM_CRON_ALLOW;
if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
header('HTTP/1.0 404 Not Found');
die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /cron/status.cron.php was not found on this server.</p></body></html>');
if(!isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
$_SERVER["HTTP_X_FORWARDED_FOR"] = "";
}
// define won't accept array before php 7.0.0
// check if data is serialized (not needed when using php 7.0.0 and higher)
$data = @unserialize(PSM_CRON_ALLOW);
$allow = $data === false ? PSM_CRON_ALLOW : $data;
if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {
header('HTTP/1.0 403 Forbidden');
die('<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>403 Forbidden</title></head><body><h1>Forbidden</h1><p>IP address not allowed. See the <a href="http://docs.phpservermonitor.org/en/latest/install.html#cronjob-over-web">documentation</a> for more info.</p></body></html>');
}
echo "OK";
}
$cron_timeout = PSM_CRON_TIMEOUT;
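
Review bot: the allow-list test on the in_array line still accepts a match on $_SERVER["HTTP_X_FORWARDED_FOR"], which is a request header set by the client, so the check is only as strong as that header; compare REMOTE_ADDR alone, or honour the forwarded value only when REMOTE_ADDR is a configured reverse proxy (and parse it then, since the header can carry a comma-separated list). Separately, @unserialize(PSM_CRON_ALLOW) is handed an array when config.php uses the PHP 7 form, so the fallback depends on a suppressed error; test is_array(PSM_CRON_ALLOW) first, confirm the result is an array before calling in_array(), and pass true as the third in_array() argument for strict comparison.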

@ -123,6 +123,19 @@ If you're work with cPanel you can follow these steps:
4. Submit
Cronjob over web
----------------
To allow scheduled status updates over the web, the commandline check is extended with a check on allowed IP address(es).
In config.php add following line::
// PHP 7.0.0 and higher
define('PSM_CRON_ALLOW', array("xxx.xxx.xxx.xxx", "yyy.yyy.yyy.yyy", "zzz.zzz.zzz.zzz"));
// lower versions
define('PSM_CRON_ALLOW', serialize(array("xxx.xxx.xxx.xxx", "yyy.yyy.yyy.yyy", "zzz.zzz.zzz.zzz")));
After that, you can hit the url http(s)://"yourmonitor.com"/cron/status.cron.php over the web from your allowed IP.
Troubleshooting
+++++++++++++++
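
Review bot: the literal block under "In config.php add following line" shows both define('PSM_CRON_ALLOW', ...) calls one after the other, so a reader who copies the whole block defines the constant twice; present them as alternatives, one or the other depending on the PHP version. The section should also state that the cron script matches the X-Forwarded-For header as well as the connecting address, and that with no PSM_CRON_ALLOW in config.php every web request is answered with 403.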

@ -58,6 +58,12 @@ if(PSM_DEBUG) {
ini_set('display_errors', 0);
}
// check for a cron allowed ip array
if(!defined('PSM_CRON_ALLOW')) {
//serialize for php version lower than 7.0.0
define('PSM_CRON_ALLOW', serialize(array()));
}
$vendor_autoload = PSM_PATH_SRC . '..' . DIRECTORY_SEPARATOR . 'vendor' . DIRECTORY_SEPARATOR . 'autoload.php';
if(!file_exists($vendor_autoload)) {
die('No dependencies found in vendor dir. Did you install the dependencies? Please run "php composer.phar install".');
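
Review bot: the comment on the define() says the serialized form is for PHP below 7.0.0, but this default is serialized on every version, so any code reading PSM_CRON_ALLOW has to handle both a string and an array; say so in the comment, and note there that the empty list means web-triggered cron is refused for all addresses until config.php sets the constant.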