Home » Php » curl – Async operation in PHP: file operation scope, argument transfer and restricting execution access

curl – Async operation in PHP: file operation scope, argument transfer and restricting execution access

Posted by: admin July 12, 2020 Leave a comment

Questions:

I have a php script that sends data to another script and processes it async (at least I hope to get it likewise). Here is the code of called.php

include_once("../caller.php");

chdir(__DIR__);

fclose(STDOUT);     //THIS
fclose(STDIN);      //THIS
fclose(STDERR);     //THIS

function giveCake($arg1,$arg2){

    global $mysqli;

    $sleep = 15; //script has to sleep

    (...) code amongst sleep (...)

    sleep($sleep);

    $_SESSION; //would session variable of the user be available if the script is called as described?
//script caller.php is firstly initiated by a script with pre-defined $_SESSION
//now that I'm thinking maybe it won't since it is called from the command line...

    pcntl_exec("/usr/bin/php",Array($_SERVER['argv'][1]));

}

if (!isset($_SERVER["HTTP_HOST"])) { //check if it comes from within the server? localhost?

    $arg1 = parse_str($argv[1], $_GET);
    $arg2 = parse_str($argv[1], $_POST);

    if($arg1 && $arg2){

        giveCake($arg1,$arg2);

    }

}

And my concerns are given in the title, as so:

  1. By closing the file operations (as in the beginning of called.php) does this affect all other scripts that might be using file operations or only the ones affected as in the moment of this execution?
  2. If called using cURL would I let the script vulnerable to inappropriate execution? Although I think I would most certainly have access to $_SESSION that would leave it easily spoofable if someone would want to execute it. Any way to counter this?
  3. Considering the arguments I would need to transfer between scripts could easily achieve a ton of bytes, as in each array around 400 bytes * x arrays would there be any problem regarding execution?

Thank you very much for your help, I hope you don’t consider this to be highly broad since I’ve tried and detailed all my concerns explicitly and would like help in the whole process (easier than fragmenting it). Please help as you can, tyvm.

How to&Answers:

Q1: File operations always affect the script currently in execution, of course including all libraries loaded via require or include.

Q2: Depending on where the caller and the callee sit, you could limit access for example by restricting access to certain IPs and maybe access method via .htaccess.

Like:

<Limit GET POST>
 order deny,allow
 deny from all
 allow from 1.2.3.4
</Limit>

Q3: Also depending on the connection between the two scripts, usually there should be no problem with big data amounts if you have enough bandwidth available.

We have some scripts in operation that handle data in the range of some hundred megabytes regularly. It may be necessary to extend or turn off script execution time limits, by setting max_execution_time in php.ini or by using ini_set(), or use set_time_limit() (which is a different approach).

Answer:

pcntl_exec() will simply replace the current process by the new one. There is actually no communication happening. I’m wondering how you can think that some asynchronous communication is happening.

Also I’m unsure what $_SERVER['argv'][1] should do here. Don’t you mean argv[0]?

So at the moment you just presented a bunch of not-working code. That’s too less.