How can I make a PHP script that cannot be called by a web browser?

Question

Possible Duplicate:
PHP - how to best determine if the current invocation is from CLI or web server?

I know the obvious answer is to place the script outside the web root, but I'm hesitant to do that in my project since that complicates installation and might not even be possible in some shared hosting environments.

I know some frameworks (CodeIgniter specifically) have a framework specific way of making sure a script cannot be called by navigating to it through a web browser, but I'm wanting a way to do this via stock PHP. Specifically, my script is designed to be called by cron. How can I make it so my script errors out if called in a web browser but executes correctly when called by cron?

Answer 1

How about:

if (!array_key_exists("TERM", $_SERVER)) {
    exit;
}

Answer 2

You can place your script in a diractory that has a file named .htaccess in it (the dot is important!) with the following content:

order deny,allow
deny from all

Answer 3

Check the superglobal $_SERVER for server-ish keys (say, 'SERVER_NAME', 'SERVER_SOFTWARE', 'REQUEST_METHOD'). If they're there, die. If not, continue on.

Answer 4

There are plenty of ways, I usually do:

if (!isset($argv)) die('Not allowed');

Otherwise, a lot of vars in $_SERVER can be checked (HTTP_HOST, USER_AGENT, etc.), but the $argv method definitely works for me.