I have a PHP script on a server that updates a DB.
I want to be able to call this script remotely, either from another server or my localhost PC using a GET, or from the browser using AJAX.
But I don't want anyone to be able to call this script unless allowed.
So far I have simply added to the script a piece of code that verifies a certain pin in the GET, i.e.
//myscript.php
if (isset($_GET['pin']) && $_GET['pin'] === '1234')
{
    //update the DB...
}
In this way the remote caller must know the pin, i.e.
file_get_contents('http://remoteserver.com/myscript.php?pin=1234'); //will work
file_get_contents('http://remoteserver.com/myscript.php?pin=5678'); //will NOT work
This seems so simple that I'm wondering if it's secure.
What are other possible, more secure alternatives (maybe not too much more complicated)?
For instance, I read about using a hash that changes over time, but is it worth it, and how could it be done?
You could password-protect the folder (this can be done easily if you are using cPanel or Plesk) and use curl to access that URL.
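// $url, $username and $password are set by the caller
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); // return the response instead of printing it
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password); // HTTP auth credentials
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // let curl pick the auth scheme the server offers
$output = curl_exec($ch);
$info = curl_getinfo($ch); // status code and transfer details
curl_close($ch);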
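The question's "hash that changes over time" can be built as a timestamped HMAC signature. The following is an added example, not code from either post; the SHARED_SECRET placeholder, the parameter names ts and sig, the 300-second window and the action parameter are all assumptions.

```php
<?php
// Added example: time-limited HMAC signature instead of a fixed pin.
// Assumptions: secret value, parameter names "ts"/"sig", 300 s window.
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // placeholder
const MAX_SKEW = 300; // seconds a signature stays valid

// Caller side: append a timestamp and sign the canonical query string.
function sign_url(string $base, array $params, int $now): string
{
    $params['ts'] = $now;
    ksort($params); // fixed order so both sides hash the same string
    $query = http_build_query($params);
    $sig = hash_hmac('sha256', $query, SHARED_SECRET);
    return $base . '?' . $query . '&sig=' . $sig;
}

// Server side (myscript.php): recompute the signature over what arrived.
function verify_request(array $get, int $now): bool
{
    if (!isset($get['ts'], $get['sig'])
        || !is_string($get['ts']) || !is_string($get['sig'])
        || !ctype_digit($get['ts'])) {
        return false; // missing or malformed fields
    }
    $sig = $get['sig'];
    unset($get['sig']);
    if (abs($now - (int)$get['ts']) > MAX_SKEW) {
        return false; // too old (or clock too far ahead)
    }
    ksort($get);
    $expected = hash_hmac('sha256', http_build_query($get), SHARED_SECRET);
    return hash_equals($expected, $sig); // constant-time comparison
}

// Demo with a constructed request; on the server pass $_GET and time().
$now = time();
$url = sign_url('https://remoteserver.com/myscript.php', ['action' => 'update'], $now);
parse_str(parse_url($url, PHP_URL_QUERY), $get);

var_dump(verify_request($get, $now));        // fresh request
var_dump(verify_request($get, $now + 3600)); // same URL an hour later
$get['action'] = 'delete';
var_dump(verify_request($get, $now));        // parameter changed after signing
```

A captured URL can still be replayed until the window expires, so send it over HTTPS. The secret has to stay on the calling server, which makes this suited to server-to-server calls rather than AJAX from a browser.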