8 Replies - 619 Views - Last Post: 20 September 2010 - 07:50 AM Rate Topic: -----

#1 Taoiseach  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 41
  • Joined: 19-September 10

MYSQL updates

Posted 19 September 2010 - 02:09 PM

Is there anyway to setup a php script to increase a value every few minutes in an MYSQL database without keeping it open in a browser.

Or could i do it as a setting in MYSQL.
If not, what language would you suggest to learn to do this?
Is This A Good Question/Topic? 0
  • +

Replies To: MYSQL updates

#2 no2pencil  Icon User is online

  • Head MFIC
  • member icon

Reputation: 5068
  • View blog
  • Posts: 26,450
  • Joined: 10-May 07

Re: MYSQL updates

Posted 19 September 2010 - 02:10 PM

Automation would be best handled by a cron job. Assuming that this is on a linux/unix system.
Was This Post Helpful? 1
  • +
  • -

#3 Taoiseach  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 41
  • Joined: 19-September 10

Re: MYSQL updates

Posted 19 September 2010 - 02:38 PM

If i do a cron job on windows or linux like this.

http://www.evaria.co...on-windows.html

Start > Programs > Accessories > System Tools > Scheduled Tasks
"C:\PROGRA~1\MOZILL~1irefox.exe http://www.example.com/cron.php"



What if someone just found the cron.php file and refreshed their page to screw with my server.

Would it be secure to put in a small script to say. IF IP IS FROM SERVER DO IT IF NOT => DO SOMETHING ELSE

This post has been edited by Taoiseach: 19 September 2010 - 02:46 PM

Was This Post Helpful? 0
  • +
  • -

#4 Kruithne  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 99
  • View blog
  • Posts: 439
  • Joined: 28-July 09

Re: MYSQL updates

Posted 19 September 2010 - 03:52 PM

View PostTaoiseach, on 19 September 2010 - 01:38 PM, said:

If i do a cron job on windows or linux like this.

http://www.evaria.co...on-windows.html

Start > Programs > Accessories > System Tools > Scheduled Tasks
"C:\PROGRA~1\MOZILL~1irefox.exe http://www.example.com/cron.php"



What if someone just found the cron.php file and refreshed their page to screw with my server.

Would it be secure to put in a small script to say. IF IP IS FROM SERVER DO IT IF NOT => DO SOMETHING ELSE


Maybe set it so your task goes to...

http://www.example.com/cron.php?key=498349873459874598743598734589475
This is in code box to stop it condensing! :)/>



... or something unlikely someone will guess/type in, then make the PHP script only run the code if that key is there ...

<?php
    if($_GET["key"] == '498349873459874598743598734589475')
    {
        //do code
    }
    else
    {
        header("HTTP/1.0 404 Not Found"); // This will evoke a 404 to maybe put people off? :)/>
    }


This post has been edited by Kruithne: 19 September 2010 - 03:54 PM

Was This Post Helpful? 2
  • +
  • -

#5 Taoiseach  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 41
  • Joined: 19-September 10

Re: MYSQL updates

Posted 19 September 2010 - 04:09 PM

View PostKruithne, on 19 September 2010 - 02:52 PM, said:

View PostTaoiseach, on 19 September 2010 - 01:38 PM, said:

If i do a cron job on windows or linux like this.

http://www.evaria.co...on-windows.html

Start > Programs > Accessories > System Tools > Scheduled Tasks
"C:\PROGRA~1\MOZILL~1irefox.exe http://www.example.com/cron.php"



What if someone just found the cron.php file and refreshed their page to screw with my server.

Would it be secure to put in a small script to say. IF IP IS FROM SERVER DO IT IF NOT => DO SOMETHING ELSE


Maybe set it so your task goes to...

http://www.example.com/cron.php?key=498349873459874598743598734589475
This is in code box to stop it condensing! :)/>



... or something unlikely someone will guess/type in, then make the PHP script only run the code if that key is there ...

<?php
    if($_GET["key"] == '498349873459874598743598734589475')
    {
        //do code
    }
    else
    {
        header("HTTP/1.0 404 Not Found"); // This will evoke a 404 to maybe put people off? :)/>
    }




Good idea!
But if someone used wireshark i would be screwed.But once i use it in the same server as the database i should be ok. Thanks!

This post has been edited by Taoiseach: 19 September 2010 - 04:09 PM

Was This Post Helpful? 0
  • +
  • -

#6 Kruithne  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 99
  • View blog
  • Posts: 439
  • Joined: 28-July 09

Re: MYSQL updates

Posted 19 September 2010 - 04:32 PM

Never heard of Wireshark before - I can't see it being that much of a problem? If someone was to find that file, the PHP script is only seen on the server-side, so they wouldn't be able to know that you have need a &key=3983..~ URI to activate the script. I use the method I mentioned above to safeguard a scheduled daily task on one of the sites and I have no worries about it.

If you were super worried, you could always set something in your MySQL DB (just an extra table with a field in it) that has the date/time on it. Say you wanted to run your PHP script every 5 minutes. Set the task up with the method I mentioned above, then get the script to check the date/time variable set in your DB and match it to the current date/time. If it's been less than 5 minutes, then don't run the rest of the script. If it's been equal or more than 5 minutes, it runs. This way even if someone messes with it, your script will not run more than once every 5 minutes.

Sorry if this is a bit confusing to follow, the logic behind it is pretty simple. :)
Was This Post Helpful? 1
  • +
  • -

#7 JackOfAllTrades  Icon User is online

  • Saucy!
  • member icon

Reputation: 5959
  • View blog
  • Posts: 23,229
  • Joined: 23-August 08

Re: MYSQL updates

Posted 19 September 2010 - 04:39 PM

Put the script OUTSIDE of the www directory structure. On Windows use a scheduled task or the AT cmd or on Linux/Unix/Mac use a cron job and the use the command line version of PHP (CLI).
Was This Post Helpful? 1
  • +
  • -

#8 Taoiseach  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 41
  • Joined: 19-September 10

Re: MYSQL updates

Posted 19 September 2010 - 06:22 PM

View PostKruithne, on 19 September 2010 - 03:32 PM, said:

Never heard of Wireshark before - I can't see it being that much of a problem? If someone was to find that file, the PHP script is only seen on the server-side, so they wouldn't be able to know that you have need a &key=3983..~ URI to activate the script. I use the method I mentioned above to safeguard a scheduled daily task on one of the sites and I have no worries about it.

If you were super worried, you could always set something in your MySQL DB (just an extra table with a field in it) that has the date/time on it. Say you wanted to run your PHP script every 5 minutes. Set the task up with the method I mentioned above, then get the script to check the date/time variable set in your DB and match it to the current date/time. If it's been less than 5 minutes, then don't run the rest of the script. If it's been equal or more than 5 minutes, it runs. This way even if someone messes with it, your script will not run more than once every 5 minutes.

Sorry if this is a bit confusing to follow, the logic behind it is pretty simple. :)

I tested wireshark and it shows up the key since its not encrypted.

Posted Image

I'm going to encrypt the key with a Serpent cipher or blowfish and get it to change depending on the date,time etc. so even if they get the key its not much use.(I'm tired so i might be talking cr*p and it doesn't make any sense).

View PostJackOfAllTrades, on 19 September 2010 - 03:39 PM, said:

Put the script OUTSIDE of the www directory structure. On Windows use a scheduled task or the AT cmd or on Linux/Unix/Mac use a cron job and the use the command line version of PHP (CLI).


Good idea! I will try it tomorrow :).
Was This Post Helpful? 0
  • +
  • -

#9 Kruithne  Icon User is offline

  • D.I.C Regular
  • member icon

Reputation: 99
  • View blog
  • Posts: 439
  • Joined: 28-July 09

Re: MYSQL updates

Posted 20 September 2010 - 07:50 AM

I agree with JackOfAllTrades on putting it outside the directory, I still don't see how Wireshark is a security risk to your site, from what I see that's just showing what YOUR computer is accessing on the internet, I don't see how someone else could use that to tell that YOU are accessing that certain page, with that certain URI key.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1