fix: only allow the system and admin to run the cronjobs

README.md

@@ -84,6 +84,7 @@ See instructions to run Wallos below.
 0 9 * * * php /var/www/html/endpoints/cronjobs/sendnotifications.php >> /var/log/cron/sendnotifications.log 2>&1
 */2 * * * * php /var/www/html/endpoints/cronjobs/sendverificationemails.php >> /var/log/cron/sendverificationemail.log 2>&1
 */2 * * * * php /var/www/html/endpoints/cronjobs/sendresetpasswordemails.php >> /var/log/cron/sendresetpasswordemails.log 2>&1
+0 */6 * * * php /var/www/html/endpoints/cronjobs/checkforupdates.php >> /var/log/cron/checkforupdates.log 2>&1
 ```
 
 5. If your web root is not `/var/www/html/` adjust the cronjobs above accordingly.

endpoints/cronjobs/checkforupdates.php

@@ -1,10 +1,11 @@
 <?php
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 $options = [
     'http' => [
-        'header' => "User-Agent: MyApp\r\n"
+        'header' => "User-Agent: Wallos\r\n"
     ]
 ];
 
@@ -27,4 +28,11 @@
 
 $db->exec("UPDATE admin SET latest_version = '$latestVersion'");
 
+include __DIR__ . '/../../includes/version.php';
+
+if (version_compare($latestVersion, $version) > 0) {
+    echo "New version available: $latestVersion";
+} else {
+    echo "No new version available, currently on $version";
+}
 ?>

endpoints/cronjobs/sendcancellationnotifications.php

@@ -3,6 +3,7 @@
 use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 require __DIR__ . '/../../libs/PHPMailer/PHPMailer.php';

endpoints/cronjobs/sendnotifications.php

@@ -3,6 +3,7 @@
 use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 require __DIR__ . '/../../libs/PHPMailer/PHPMailer.php';

endpoints/cronjobs/sendresetpasswordemails.php

@@ -3,6 +3,7 @@
 use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 $query = "SELECT * FROM admin";

endpoints/cronjobs/sendverificationemails.php

@@ -3,6 +3,7 @@
 use PHPMailer\PHPMailer\SMTP;
 use PHPMailer\PHPMailer\Exception;
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 $query = "SELECT * FROM admin";

endpoints/cronjobs/updateexchange.php

@@ -1,4 +1,5 @@
 <?php
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 // Get all user ids

endpoints/cronjobs/updatenextpayment.php

@@ -1,5 +1,6 @@
 <?php
 
+require_once 'validate.php';
 require_once __DIR__ . '/../../includes/connect_endpoint_crontabs.php';
 
 $currentDate = new DateTime();

endpoints/cronjobs/validate.php

@@ -0,0 +1,16 @@
+<?php
+
+session_start();
+
+$userId = 0;
+if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
+    $userId = $_SESSION['userId'];
+}
+
+if (php_sapi_name() !== 'cli') {
+    if ($userId !== 1) {
+        die("Unauthorized");
+    }
+}
+
+?>

startup.sh

@@ -43,5 +43,8 @@ crontab -d -u root
 # Run updateexchange.php
 /usr/local/bin/php /var/www/html/endpoints/cronjobs/updateexchange.php
 
+# Run checkforupdates.php
+/usr/local/bin/php /var/www/html/endpoints/cronjobs/checkforupdates.php
+
 # Keep the container running indefinitely (this won't exit)
 tail -f /dev/null