Page 1 of 1
Offline Notification
Posted: Sat Dec 30, 2017 8:12 pm
by jay_hoehn
Jachym,
I think I am having an issue with the offline notification. When the cron runs it produces this output:
HTTP/1.1 200 OK
Date: Sat, 30 Dec 2017 20:06:03 GMT
Server: Apache
X-Powered-By: PHP/7.0.22
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=1c2063e61bd58c2f477836589900ca8c; path=/
Upgrade: h2,h2c
Connection: Upgrade
Vary: User-Agent
Access-Control-Allow-Origin: *
Content-Length: 20
Content-Type: text/html; charset=utf-8
Unauthorized access.
But when I run the script in a browser window I get:
Station online.
I have checked the cron code and copied and pasted from what is given in the setup. I'm just not sure what I should be seeing in the cron.
Jay
Re: Offline Notification
Posted: Sat Dec 30, 2017 9:44 pm
by Jachym
Hi Jay,
some servers dont like parameters in URL, which in this case leads to the password not being recognized.
Try replacing the "?" in the URL with a simple space
eg:
....php pass....
Re: Offline Notification
Posted: Sat Dec 30, 2017 9:57 pm
by jay_hoehn
Jachym,
That didn't help. The cron for the cron folder is written just the same and it works fine. Not sure where to go from here.
Jay
Re: Offline Notification
Posted: Sun Dec 31, 2017 9:30 am
by bidouilleur
Running in the same problem
First tried server side but then tested on local terminal sessions with different options (https versus http, with ' or ", www included or not)
Some security is activated ut as I'm not a coder, not to sure ho to get around it
put a long arrow with !!! at the line I suspect is announcing the block
any geek with a solution ?
Code: Select all
yoyos-Mac-Pro:~ yoyo$ curl -v 'https://www.wouters.fr/meteo/admin/offlineNotification.php?password=passwordredacted'
* Trying 158.69.24.99...
* Connected to www.wouters.fr (158.69.24.99) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: wouters.fr
* Server certificate: Let's Encrypt Authority X3
* Server certificate: DST Root CA X3
> GET /meteo/admin/offlineNotification.php?password=passwordredacted HTTP/1.1
> Host: www.wouters.fr
> User-Agent: curl/7.43.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Server: nginx
< Date: Sun, 31 Dec 2017 09:26:39 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Encoding
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Set-Cookie: PHPSESSID=7c3b84e41ee73a8c851524f867d65a8b; path=/
< X-XSS-Protection: 1; mode=block <<<<<<<<-------------------------------- !!!!
< X-Content-Type-Options: nosniff
< X-Nginx-Cache-Status: EXPIRED
< X-Server-Powered-By: Engintron
<
* Connection #0 to host www.wouters.fr left intact
Unauthorized access.yoyos-Mac-Pro:~ yoyo$
Re: Offline Notification
Posted: Sun Dec 31, 2017 10:45 am
by Jachym
This seems to be a server configuration issue rather than a script problem, Im afraid I wont be able to help you with this as I know very little about servers myself
Re: Offline Notification
Posted: Sun Dec 31, 2017 11:15 am
by bidouilleur
I can perfectly understand your point as servers have to be protected by more and more scripts to keep them secure, hence these kinda external calls will fall easily under some kinda attack protection rule (in this case it ain't modsecurity triggering but one of the x other layers of protection)
And since we can use x different scripts to secure servers, hard to kno in advance what to expect.
As an alternative for those having to many security layers and can use cron, would it be possible to use a cron with local path so we can use
/usr/local/bin/php /home/account/pathtoofflineNotification.php
and since it is internal to server, maybe no token needed as we are the only ones knowing where it is + externally it'll fall anyway
this might give both options and we choose in accordance with what can be done ?
Sorry if I give once more extra coding work and I don't expect this as a priority
thanks for considering
Re: Offline Notification
Posted: Sun Dec 31, 2017 12:50 pm
by Jachym
Hi,
yes, I suggested this to people who were not even able to run the update CRON. Simply rename the script to something like soinsdofjsofslfjsl.php and then run that, the point is - never delete the password protection and leave the same file name, everyone knows that file name
Re: Offline Notification
Posted: Sun Dec 31, 2017 5:52 pm
by Fraggboy
For some reason I can't post a lengthy repy... :/ It just times out.. Shorter reply works..
Re: Offline Notification
Posted: Sun Dec 31, 2017 6:02 pm
by bidouilleur
Starting from Jachym's proposal I was able to make it work but I leave it to him to decide to release or not my solution. I send it to him personally . It's a bit fiddling and playing but it works for me..
Re: Offline Notification
Posted: Mon Jan 01, 2018 10:55 am
by Jachym
Hi,
maybe I misunderstood your email, but from what you sent me my understanding is that you changed something in your CRON settings.
If this is the case, it si not something I can change in the code because CRON is not a script.
If this is correct then you are more than welcome to post your solution here
Re: Offline Notification
Posted: Mon Jan 01, 2018 11:08 am
by bidouilleur
I duplicated the offline notification file and commented out the part with the identification string, deleted all the html part as it isn't needed, then I just use a classic cron with curl command to call it every 5 minutes
The not so nice part is that anyone knowing the file name could make a call to it but except that I see no other security risk, but once again as I didn't code the original file .. I let the coder decide or not to release it as he is best placed to see if my 'modification' can't be used for bad purposes.
@Jachym : you're best placed for this so if you say my fiddling is ok, I will post it here a complete howto but not before you audited it.
Re: Offline Notification
Posted: Mon Jan 01, 2018 2:04 pm
by Jachym
Go on
Re: Offline Notification
Posted: Mon Jan 01, 2018 2:35 pm
by bidouilleur
OK
As some of us now know, it is impossible to use the standard cron as we get "unauthorised access". I tried several options and as I couldn't find any errors in any log ... account nor server side ...
As Jachym proposed, let's then rework the file so it works without identification and see if we can use internal PHP to access the file .. that road also ended with quite some errors( my lack of coding skills for sure). Finally went back to use 'curl' in the cron command.
As I can't attach the modified file, I will post below the code. FTP in your account, create a new file, give it a name you only can imagine (let's say it is a limited security to avoid anyone else to call it, though it won't hurt)for ex. whatever.php and copy the code in it. Don't forget to give the correct permissions to the file (chmod 755)
This is the cron job I set on my cpanel driven server to call the file, it runs every 5 minutes.
- Screen Shot 2018-01-01 at 15.19.44.png (22.22 KiB) Viewed 22887 times
and this is de code, it includes some explanation on how to use the cron
Code: Select all
<?php
############################################################################
# Meteotemplate
# http://www.meteotemplate.com
# Free website template for weather enthusiasts
# Author: Jachym
# Brno, Czech Republic
# First release: 2015
#
############################################################################
#
# Offline notifications
# adapted to run via cron ; rename this file to whatever.php
# if you can use cron use : curl http://yourdomain/pathtometeoteplate/admin/whatever.php
# if you run a ssl certificate use https instead http
# if you don 't want a notification from your cron add >/dev/null 2>&1
# like this : curl http://yourdomain/pathtometeoteplate/admin/whatever.php >/dev/null 2>&1
# if you have meteotempalte on highest level of your account just delete pathtometeotemplate
#
###########################################################################
session_start();
include("../config.php");
include($baseURL."css/design.php");
include($baseURL."header.php");
if(!file_exists("offlineNotificationsSettings.txt")){
die("Missing notifications settings file");
}
// last station data
$data = file_get_contents("../meteotemplateLive.txt");
$data = json_decode($data, true);
$lastTime = $data['U'];
$notifyData = json_decode(file_get_contents("offlineNotificationsSettings.txt"), true);
$notifyInterval = $notifyData['period'] * 60; // convert to seconds
$notifyThreshold = time() - $notifyInterval;
if($lastTime < $notifyThreshold){
$online = false;
}
else{
$online = true;
}
if($online){
// back online?
if(file_exists("../cache/stationOffline.txt")){
unlink("../cache/stationOffline.txt");
mail($notifyData['email'],"Station back online","Your weather station is now back online.");
echo "Station back online.";
}
else{
echo "Station online.";
}
}
else{
if(!file_exists("../cache/stationOffline.txt")){
file_put_contents("../cache/stationOffline.txt",$lastTime);
mail($notifyData['email'],"Station offline","Your weather station is offline, last time data received: ".date($dateTimeFormat,$lastTime).".");
echo "Station now offline, email sent.";
}
else{
echo "Station still offline.";
}
}
die();
# }
if(isset($_GET['email'])){
$save['email'] = $_GET['email'];
$save['period'] = $_GET['period'];
file_put_contents("offlineNotificationsSettings.txt",json_encode($save));
}
if(file_exists("offlineNotificationsSettings.txt")){
$notifyData = json_decode(file_get_contents("offlineNotificationsSettings.txt"), true);
$notifyEmail = $notifyData['email'];
$notifyPeriod = $notifyData['period'];
}
else{
$notifyEmail = "email@gmail.com";
$notifyPeriod = 30;
}
?>
I hope I didn't forget anything. Hope it works well like it does for me since yesterday. I tested it by unplugging the datafeed from weatherdisplay and waited the time set in the original plugin.
Btw don't delete anything from the original plugin. It still uses that to work.
Enjoy
Re: Offline Notification
Posted: Mon Jan 01, 2018 5:16 pm
by Fraggboy
Don’t use curl. Use wget with quotes around the URL..
In my case, I have 3 calls bundled up in a script. All of them use wget “
http://www.whatever.com”
That way you can call the script internally.
I have a separate job which runs at a different time.
Re: Offline Notification
Posted: Mon Jan 01, 2018 5:29 pm
by bidouilleur
Fraggboy wrote: ↑Mon Jan 01, 2018 5:16 pm
Don’t use curl. Use wget with quotes around the URL..
*****
doesn't work on my server, guess one of the x security protocols blocking .. might work for others though
Re: Offline Notification
Posted: Mon Jan 01, 2018 6:22 pm
by Fraggboy
Have you tried running it in a script so you can call it locally?
Re: Offline Notification
Posted: Fri Jan 19, 2018 1:58 am
by BertSP
I know this thread has been dormant for a few weeks, but I decided to try the notification system again, after it was abandoned.
Using one of the recommended sites and I get nowhere. I get the unauthorized access. I try the built in hosting site cron using the suggested wget and get the following:
..connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: “offlineNotification.php?password=XX.90”
0K 4.37M=0s
2018-01-18 23:51:06 (4.37 MB/s) - “offlineNotification.php?password=XX.90” saved [20]
But the system does not send email offline or on line.
ZWhen I browse with the address, I do get a status line.
I use other cron on the same site with no problems.
Any thought
Re: Offline Notification
Posted: Fri Jan 19, 2018 7:36 am
by Jachym
I would leave it for now, there is a problem with the notification system that Im aware of and I will make sure it is fixed in v18, it will not work right now even if you set it correctly
Re: Offline Notification
Posted: Sat Mar 10, 2018 7:16 pm
by mpca86
Jachym wrote: ↑Fri Jan 19, 2018 7:36 am
I would leave it for now, there is a problem with the notification system that Im aware of and I will make sure it is fixed in v18, it will not work right now even if you set it correctly
Tentokrát pre mňa bude lepšie to opísať po slovensky
Ak odkaz zadám do prehliadača
https://www.sturcel.sk/meteo/admin/offl ... d=heslo123 a som z administrácie odhlásený dostanem odpoveď "
Unauthorized access."
No avšak keď sa prihlásim do administrácie (normálne cez loginpage)a zadám
https://www.sturcel.sk/meteo/admin/offl ... d=heslo123 úž dostanem správu odpoveď či je offline alebo online.
Ešte pripomeniem že $adminPassword a $updatePassword sú rôzne.
Re: Offline Notification
Posted: Sat Mar 10, 2018 8:03 pm
by Jachym
Jj, to už jsme tu řešili, je tam chyba v tom kódu