I created a cron job through goDaddy control center.
The cron job is in the folder "cron jobs".
I don't want anyone to be able to run it, how should I set the permissions of the folder so that it can't be publicly opened but it still can be used for the cron job?
Will unchecking Public > Read be enough to prevent anyone from running it?
Just put the files outside of the webroot/document root folder.
In .htaccess add this.
<Location /cronjobs>
order deny,allow
deny from all
allow from 127.0.0.1
</Location>
I included allow from 127.0.0.1 so it can be run from the server, i.e. so the cron can still run.
Put it in a directory, and in that directory create a file called .htaccess with this inside:
<FILESMATCH "\.php$">
order deny,allow
deny from all
</FILESMATCH>
Now only the server can access PHP files inside that directory. Example, by include or require.
This is useful for keeping your MySQL password safe, you can put the connection function inside a PHP file in this "protected" directory and include it into your scripts.
One option that you have is to use the $_SERVER values to see if it is a web request or a cli request.
See http://php.net/manual/en/reserved.variables.server.php
I would look at checking to see if the $_SERVER['argv'] value is set at the start of your script(s). If it's not set then exit the script.
Alternatively you can check to see if $_SERVER['SERVER_ADDR'] is set, which would mean it's being executed by the webserver.
Note that I don't have a godaddy account handy to test this, so ensure you verify before going live.
Another possible solution if the file is meant to be used exclusively as an include() and not ran standalone by a user who enters it in the url.
Place this code at the top of the file you want to block direct calling of.
if(basename($_SERVER['PHP_SELF']) == 'blockedFile.php')
{
header('Location: ./index.php');
exit();
}
PHP checks if the file's name is the one being ran directly. If blockedFile.php were included in index.php with include() then basename($_SERVER['PHP_SELF']) would equal index.php. If it were standalone, it would equal blockedFile.php and send the user back to the index page.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 爷、活的狠高调 的文章《How to make .PHP file only accessible to the serve》','https://www.manongdao.com/article-800776.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}