系统函数调用，有什么建议吗? [英] system function call, any suggestions?

问题描述

我建立了一个用户需要登录的网站，身份验证基于 SESSION 变量和数据库.

I have a build a website where users need to login to, and the authentication is based on SESSION variables and DB.

为了简化，让我这样描述它:我有属于组的简单用户，我有组管理员.他们都拥有订阅.当组经理决定升级服务时，它会立即为他的所有用户完成.我需要更新所有订阅，并且需要单独为每个订阅收费.

To simplify, let me describe it like this: I have simple users who belong to groups, and I have group managers. All of them own a subscription. When a group manager decides to upgrade a service, it is done for all his users immediately. I would need to update all subscriptions and I would need to go and charge for each subscription individually.

所以.我需要做的是去数据库，然后开始一个一个:

So. What I need to do is go to the DB, and start going one by one:

1. charge
2. receive status from cc company.
3. update the DB entry accordingly.
4. repeat for next simple user

问题是，当组管理员更新服务时，我需要启动一个批处理，这可能需要一段时间才能完成，但是如果组管理员出于某种原因关闭了浏览器(按下停止按钮)，断电，无数其他原因导致连接断开)，操作将无法完成.用户将得不到治疗.

The thing is, that when a group manager is updating the service, I would need to fire a batch process, which might take a while to complete, but if the group manager closes the browser for some reason (presses the stop button, power goes out, zillion other reasons the connection goes out), the action wouldn't complete. And users will be left untreated.

我认为解决此问题的方法是使用 PHP 脚本启动 shell 命令.我会将参数发送到像 system("php batch.php?ID=$group_id?process=all") 这样的脚本，这反过来可能会完成工作.

I thought the way to go about this would be to start a shell command with a PHP script. I would send the parameters to the script like system("php batch.php?ID=$group_id?process=all") which in turn would probably get the job done.

我的问题是，我习惯于通过 SESSION 参数等对我的用户和整个网站的数据进行身份验证.但在这种情况下(调用系统命令)，我无法真正去检查谁真正解雇了那个脚本.它可能是一个用户，也可能是我想要的脚本.

My issue is, that I am used to authenticating my users and the data throughout the website, as said, by SESSION parameters etc. But in this case (calling a system command), I cannot really go and check who actually fired that script. It could be a user, it could be the script I intended.

我想阻止用户访问该脚本，并且我希望该脚本在发布后完成.

I would like to prevent users accessing that script, and I want that script to be completed after it has been issued.

我怎样才能做到这一点?还有其他建议吗?

How can I accomplish that ? Any other suggestions ?

谢谢！

推荐答案

1. 将值作为 argv 参数传递 (php batch.php $group_id all)
2. 检查$_SERVER['argv']
中是否存在这些

1. Pass the values as argv parameters (php batch.php $group_id all)
2. Check whether these exist in $_SERVER['argv']

为了记录，$_SERVER['argv'] 是命令行的 $_GET.网页不能设置 argv 值，所以你很安全.

For the record, $_SERVER['argv'] is the $_GET for the command line. Webpages can't set argv values, so you're safe.

当然最好不要将此文件放在您的网络目录中.

Better of course would be to simply not put this file in your web directory.

这篇关于系统函数调用，有什么建议吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！