In PHP, how to detect the execution is from CLI mode or through browser ?
Use the php_sapi_name()
function.
if (php_sapi_name() == "cli") {
// In cli-mode
} else {
// Not in cli-mode
}
Here are some relevant notes from the docs:
php_sapi_name — Returns the type of interface between web server and PHP
Although not exhaustive, the possible return values include aolserver, apache, apache2filter, apache2handler, caudium, cgi (until PHP 5.3), cgi-fcgi, cli, cli-server, continuity, embed, isapi, litespeed, milter, nsapi, phttpd, pi3web, roxen, thttpd, tux, and webjames.
PHP - how to best determine if the current invocation is from CLI or web server?
php_sapi_name
is the function you will want to use as it returns a lowercase string of the interface type. In addition, there is the PHP constant PHP_SAPI
.
Documentation can be found here: http://php.net/php_sapi_name
For example, to determine if PHP is being run from the CLI, you could use this function:
function isCommandLineInterface()
{
return (php_sapi_name() === 'cli');
}
What is the canonical way to determine commandline vs. http execution of a PHP script?
Use the php_sapi_name()
function.
if (php_sapi_name() == "cli") {
// In cli-mode
} else {
// Not in cli-mode
}
Here are some relevant notes from the docs:
php_sapi_name — Returns the type of interface between web server and PHP
Although not exhaustive, the possible return values include aolserver, apache, apache2filter, apache2handler, caudium, cgi (until PHP 5.3), cgi-fcgi, cli, cli-server, continuity, embed, isapi, litespeed, milter, nsapi, phttpd, pi3web, roxen, thttpd, tux, and webjames.
In PHP >= 4.2.0, there is also a predefined constant, PHP_SAPI
, that has the same value as php_sapi_name()
.
How to check with PHP if the script is being run from the console or browser request?
Use php_sapi_name()
Returns a lowercase string that
describes the type of interface (the
Server API, SAPI) that PHP is using.
For example, in CLI PHP this string
will be "cli" whereas with Apache it
may have several different values
depending on the exact SAPI used.
For example:
$isCLI = (php_sapi_name() == 'cli');
You can also use the constant PHP_SAPI
Detecting the environment in PHP CLI scripts
You can use php_uname('n')
to get the hostname of your current machine. From there it's up to your implementation to determine whether it's production, staging, or development, either based on patterns in host name, hard-coded values, or some other configuration file.
How to check if PHP script is running by shell
Use the php_sapi_name
function:
if(php_sapi_name() == 'cli')
{
// running from CLI
}
From the Manual:
Returns a lowercase string that describes the type of interface (the Server API, SAPI) that PHP is using. For example, in CLI PHP this string will be "cli" whereas with Apache it may have several different values depending on the exact SAPI used. Possible values are listed below.
Emulating PHP's CLI in a browser
Call this function trough a RPC or a direct POST from javascript, which does things in this order:
- Write the PHP code to a file (with a random name) in a folder (with a random name), where it will sit alone, execute, and then be deleted at the end of execution.
- The current PHP process will not run the code in that file. Instead it has to have exec permissions (safe_mode off).
exec('php -c /path/to/security_tight/php.ini')
(see php -?) - Catch any ouput and send it back to the browser. You are protected from any weird errors. Instead of exec I recomment
popen
so you can kill the process and manually control the timeout of waiting for it to finish (in case you kill that process, you can easily send back an error to the browser);
You need lax/normal security (same as the entire IDE backend) for the normal PHP process which runs when called through the browser.
You need strict and paranoid security for the php.ini and php process which runs the temporary script (go ahead and even separate it on another machine which has no network/internet access and has its state reverted to factory every hour just to be sure).
Don't use eval()
, it is not suitable for this scenario. An attacker can jump out into your application and use your current permissions and variables state against you.
Related Topics
Replace Woocommerce_Add_Order_Item_Meta Hook in Woocommerce 3.4
Running Composer Returns: "Could Not Open Input File: Composer.Phar"
Understanding MVC: Whats the Concept of "Fat" on Models, "Skinny" on Controllers
How to Pass Get Parameters to Laravel from with Get Method
Symfony2, Dynamic Db Connection/Early Override of Doctrine Service
Notice: Undefined Offset: 0 In
Which Line Break in PHP Mail Header, \R\N or \N
Inserting Google Calendar Entries with Service Account
Prevent Nginx 504 Gateway Timeout Using PHP Set_Time_Limit()
Redirect After Login on Wordpress
How to Get Time Zone Through Ip Address in PHP
Set Session in Database in PHP