Miks Posted March 17, 2015 Posted March 17, 2015 Is there a way to prevent users from running the cron jobs manually? Or should I relabel them? Quote
G7470 Posted March 17, 2015 Posted March 17, 2015 In MCCodes, it requires a GET code in order to kick off a cron job at all. You could make that code as complex as you would want, really. Relabeling them may also help make it more difficult for those attempting to run your crons manually to do so, but I would say the built-in GET code with MCCodes is your best bet. ~G7470 Quote
Miks Posted March 17, 2015 Author Posted March 17, 2015 I bought Raven Mafia Script which looks like a copy of Mccodes, I'm pretty sure I read somewhere they have a license to sell it. I just tested my cron from logging into a standard user and they were able to run the cron directly. How would I go about preventing this, can you copy and paste what you use? Quote
Veramys Posted March 17, 2015 Posted March 17, 2015 You need to make sure it selects the code from the config file. Then if the code is not right or not there have the page quit. Quote
NonStopCoding Posted March 17, 2015 Posted March 17, 2015 (edited) I bought Raven Mafia Script which looks like a copy of Mccodes, I'm pretty sure I read somewhere they have a license to sell it. I just tested my cron from logging into a standard user and they were able to run the cron directly. How would I go about preventing this, can you copy and paste what you use? as far as i am aware ravens is a ripped of version of mccodes and you will require a license from mccodes.com to run a game (correct me if i am wrong) it also has a ton of paid mods that i am sure are not allowed to be there also i am sure i read someplace that the layout is stolen too Ravens is a junk you should of purchased the latest version of mccodes if you wanted to go down that path for your issue open up config.php and look for 'code' => 'some long code here', in your cron file you will need to create a small bit of code (i believe mccodes v2.05b already has this) that will check if the code matches the code from the config.php if it doesn't then kill the page otherwise run the cron. Edited March 17, 2015 by NonStopCoding Quote
KyleMassacre Posted March 17, 2015 Posted March 17, 2015 Remove the crons from your public_html or www folder. Then in your cron job manager you will just supply the path to the file like /home/username/your_file.php Quote
Truefalse Posted March 17, 2015 Posted March 17, 2015 Remove the crons from your public_html or www folder. Then in your cron job manager you will just supply the path to the file like /home/username/your_file.php Something to add here, if you do this. You will need to execute and parse the PHP file (rather than wget or curl) php -f /path/to/cron.php Quote
JMB Gaming Posted March 17, 2015 Posted March 17, 2015 Make a folder not in public_html or www but the one before that. Label it crons then in your cron files change the file includes (I think they include config or global_noauth?) should be something like "../public_html/config.php" In the cron job manager in the cPanel put this in the command /usr/bin/php -q /home/USERNAME/cron/cron_minute.php Change the username to whatever yours might be. This method you do not need the config code so could be deleted if you really wanted too :) Quote
SRB Posted March 17, 2015 Posted March 17, 2015 1. Move crons below document root; 2. Change paths of includes to go above the level they are at; 3. Change cron tab locations; Quote
Guest Posted March 18, 2015 Posted March 18, 2015 1. Move crons below document root; 2. Change paths of includes to go above the level they are at; 3. Change cron tab locations; You sure you don't mean above? Quote
Miks Posted March 19, 2015 Author Posted March 19, 2015 Thanks guys, my crons are now secured! I went with JMG Gamings suggestion [MENTION=70347]NonStopCoding[/MENTION] For the record I do have a license for Mccodes from 2012 and have pointed it to our domain which was the script from Ravan Mafia Game. I can see how Ravan mafia has ripped Mccodes but after downloading the "latest" version of mccodes it doesnt look like its changed much over the years and is still pretty basic. Thanks for everyone that helped and left there suggestions, much appreciated Quote
NonStopCoding Posted March 19, 2015 Posted March 19, 2015 Thanks guys, my crons are now secured! I went with JMG Gamings suggestion [MENTION=70347]NonStopCoding[/MENTION] For the record I do have a license for Mccodes from 2012 and have pointed it to our domain which was the script from Ravan Mafia Game. I can see how Ravan mafia has ripped Mccodes but after downloading the "latest" version of mccodes it doesnt look like its changed much over the years and is still pretty basic. Thanks for everyone that helped and left there suggestions, much appreciated well you will be fine then :) good luck with your game Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.