Cron job script location?

[redactuk]

Can anyone offer some advice on most secure location for a custom cron job script?

 

I notice the new Cron Tasks Manager offers as an example a script in admin folder called cron_currencies_rates:

if (!defined('_PS_ADMIN_DIR_'))
    define('_PS_ADMIN_DIR_', getcwd());
include(_PS_ADMIN_DIR_.'/../config/config.inc.php');

if (isset($_GET['secure_key']))
{
    $secureKey = md5(_COOKIE_KEY_.Configuration::get('PS_SHOP_NAME'));
    if (!empty($secureKey) AND $secureKey === $_GET['secure_key'])
                Currency::refreshCurrencies();
}

I'm assuming this is good format to model my own php script on?

 

Can anyone point me to some information on how secure_key is being used here?

 

Many thanks

Edited September 5, 2014 by redactuk (see edit history)

[vekia]

you can place script in root prestashop directory,

remember to build it in the same way as script you mentioned

include prestashop libraries and use there only NATIVE prestashop functions if you want to deal with database etc.

[redactuk]

Thanks Vekia. I guess I was wondering if there was a  'best practice' location for scripts, especially those to be called by crons. Would you say it's therefore better for script to live in root rather than admin folder?*

 

*I take it PS upgrades via 1-click-upgrade don't delete custom scripts located in certain places?

 

As for secure_key, I notice in 'Cron tasks manager' module their is default 'help value' in the Target Link field when adding a new entry that includes a suggested secure_key. I wonder is default displayed there is actually being generated for current shop to match an evaluation via

md5(_COOKIE_KEY_.Configuration::get('PS_SHOP_NAME'));

I'm trying to understand best practice for securing cron jobs from external access. Is using a secure_key best way?

 

Also, do you know if there are any requirements from 'Cron tasks manager' module to work?

Currently any entry I add fails to run. Very strange

Edited September 6, 2014 by redactuk (see edit history)

[hpar]

If your task is called only from command line, you can enforce it with a test.

if (php_sapi_name() !== "cli")
   die('Only run from CLI');

[Kogkalidis]

you can place script in root prestashop directory,

remember to build it in the same way as script you mentioned

include prestashop libraries and use there only NATIVE prestashop functions if you want to deal with database etc.

What do you mean by "Native"? You mean only core functions, not module ones?