
Thread: RSS Import Cron URL for God Users Only

  1. #1
    New Pligger mt2009's Avatar
    Joined
    Mar 2009
    Posts
    4

    RSS Import Cron URL for God Users Only

    Hi Guys,

    How to block public access to my module.php?

    Just by pointing to this address in the URL bar, http://www.domain.com/module.php?module=rss_import_do_import, everyone can run the import module even if we aren't logged in.

    I think it's not a security problem, but everyone can make our server use high resources by using a public cron service to run this URL every 15 seconds.

    So is there any solution to make this only accessible by localhost?


    Thanks

  2. #2
    Pligg Founder/Coder/Designer Yankidank's Avatar
    Joined
    Dec 2005
    Location
    San Francisco, CA
    Posts
    5,538
    Ok, your title was not a very good description so I am going to change that for you to make it describe your issue a little better. I also moved it to the proper forum.

    If you want to block access to the RSS import cron page so that only logged-in users can view the page, here are some instructions. But first I warn everyone that by doing this you will not be able to set up a cronjob script to automatically run the import script for you, since it will need to be authenticated for it to work after this change.

    Open: /modules/rss_import/rss_import_main.php

    Find:
    Code:
            // breadcrumbs and page title
            $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel');
            $navwhere['link1'] = getmyurl('admin', '');
            $navwhere['text2'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport');
            $navwhere['link2'] = my_pligg_base . '/module.php?module=rss_import';
            $navwhere['text3'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport_Feeds');
            $main_smarty->assign('navbar_where', $navwhere);
            $main_smarty->assign('posttitle', ' / ' . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport'));
            
            // show the template
            if ($insideTpl == true){
            $main_smarty->assign('tpl_center', rss_import_tpl_path . 'import_fields_center');
            $main_smarty->display($template_dir . '/admin/admin.tpl');    
            } else {
                $main_smarty->display(rss_import_tpl_path_2 . 'import_fields_center.tpl');        
            }
    Replace with:
    Code:
            force_authentication();
            $canIhaveAccess = 0;
            $canIhaveAccess = $canIhaveAccess + checklevel('god');
            if($canIhaveAccess == 1)
            {    
                // breadcrumbs and page title
                $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel');
                $navwhere['link1'] = getmyurl('admin', '');
                $navwhere['text2'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport');
                $navwhere['link2'] = my_pligg_base . '/module.php?module=rss_import';
                $navwhere['text3'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport_Feeds');
                $main_smarty->assign('navbar_where', $navwhere);
                $main_smarty->assign('posttitle', ' / ' . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel_RSSImport'));
                
                // show the template
                if ($insideTpl == true){
                $main_smarty->assign('tpl_center', rss_import_tpl_path . 'import_fields_center');
                $main_smarty->display($template_dir . '/admin/admin.tpl');    
                } else {
                    $main_smarty->display(rss_import_tpl_path_2 . 'import_fields_center.tpl');        
                }
            }
    The Facebook Module for Pligg CMS!
    Register, Login, and Submit Stories with Facebook. An absolute MUST HAVE for all Pligg sites!

  3. #3
    New Pligger mt2009's Avatar
    Joined
    Mar 2009
    Posts
    4
    Hi Yankidank,

    Thanks for your response...

    BTW, is there no other way so that import.php/module.php can only be accessed by localhost? Because I want to automate it using cron.

    If I add these lines to my htaccess, module.php can only be accessed by localhost; others can't access it:

    Code:
    <Files ~ "module.php">
       # Deny everyone, then allow only requests from the local machine
       Order deny,allow
       Deny from all
       Allow from 127.0.0.1
    </Files>
    But will it cause a problem for the overall Pligg script?


    Thanks

  4. #4
    Pligg Founder/Coder/Designer Yankidank's Avatar
    Joined
    Dec 2005
    Location
    San Francisco, CA
    Posts
    5,538
    I believe that would break most modules so normal users couldn't use modules.

  5. #5
    New Pligger mt2009's Avatar
    Joined
    Mar 2009
    Posts
    4
    Hi Yankidank,

    How about I change all the "override" URL parameters to something like "xdwaover" in import_fields_center.tpl
    and delete the "run anyway" text & link so the public doesn't know the link?

    Can this cause a problem for the overall script too?

    Thanks

  6. #6
    Pligg Founder/Coder/Designer Yankidank's Avatar
    Joined
    Dec 2005
    Location
    San Francisco, CA
    Posts
    5,538
    Not sure if you are using the right part of the code, but that idea would probably work fine.

  7. #7
    New Pligger BillyC's Avatar
    Joined
    Jun 2008
    Posts
    18
    edit: nvm, found the answer. sorry!
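
Added example, not part of any post in this thread and not Pligg's own code: one way to keep the import URL usable from cron while refusing anonymous public requests, covering the localhost restriction asked about in post #3 and replacing the renamed-parameter idea in post #5 with a secret compared in constant time. The function name, the `key` parameter and the `RSS_IMPORT_CRON_KEY` constant are hypothetical; `hash_equals()` needs PHP 5.6 or later.

```php
<?php
// Added example, not Pligg code. Hypothetical names: rss_import_cron_allowed(),
// RSS_IMPORT_CRON_KEY, and the "key" URL parameter.

// Placeholder secret: replace with a long random value kept out of templates.
define('RSS_IMPORT_CRON_KEY', 'REPLACE-WITH-LONG-RANDOM-VALUE');

/**
 * Decide whether a request may trigger the RSS import.
 * $server is $_SERVER, $get is $_GET, $isGod is the result of checklevel('god').
 */
function rss_import_cron_allowed(array $server, array $get, $isGod)
{
    // 1. A logged-in god user may always run the import from the admin panel.
    if ($isGod) {
        return true;
    }

    // 2. A cron job on the same host (requesting http://127.0.0.1/module.php...).
    //    REMOTE_ADDR is the TCP peer address and cannot be set by a request
    //    header; never substitute X-Forwarded-For here. Behind a local reverse
    //    proxy every request looks like loopback, so drop this branch there.
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if ($peer === '127.0.0.1' || $peer === '::1') {
        return true;
    }

    // 3. A remote cron service presenting the shared secret.
    //    hash_equals() compares in constant time; is_string() rejects key[]=x.
    $key = isset($get['key']) ? $get['key'] : null;
    if (is_string($key) && hash_equals(RSS_IMPORT_CRON_KEY, $key)) {
        return true;
    }

    return false;
}

// Constructed sample requests showing each outcome.
$samples = array(
    'anonymous, remote, no key' => array(array('REMOTE_ADDR' => '203.0.113.7'), array()),
    'cron on same host'         => array(array('REMOTE_ADDR' => '127.0.0.1'), array()),
    'remote cron, correct key'  => array(array('REMOTE_ADDR' => '203.0.113.7'), array('key' => RSS_IMPORT_CRON_KEY)),
    'remote, key as array'      => array(array('REMOTE_ADDR' => '203.0.113.7'), array('key' => array('x'))),
);
foreach ($samples as $label => $s) {
    echo $label, ': ', rss_import_cron_allowed($s[0], $s[1], false) ? 'allow' : 'deny', "\n";
}
```

The check belongs at the top of the import action itself, answering with a 403 when it returns false; the thread does not show where that action lives in the rss_import module. A key passed in the URL ends up in web server access logs, so treat those logs as sensitive and rotate the key if they are exposed.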
