Access Denied For User 'Root' @ 'IPADDRESS' (using password:NO)

[NickD]

Hello PHP gurus,

complete newbie here (gurus' hearts sink) and I'm working on a slightly customised version of a PHP Tutorial How To Code a Signup Form With Email Confirmation. 

 

Basically a new user signs up putting email address and password into a form, the form updates the mysql database user and confirm fields and sends an email to the new user with an activation key, which is then clicked to confirm the sign up.

 

After to and froing I've got the program to accept the user data, update the database, send the email with the activation url which is a confirm.php page with email and confirmation key parameters but when the activation url is clicked the confirm page comes up with:

Access denied for user'root'@'IPaddress' (using password:NO) 

 

the MySQL set up on the server is that the Database  name is the same as the username (not root)

 

The activation key looks like the following:

WebsiteURL/signup/confirm.php?email=EmailAddress&signupkey=ac9914a171a0eb2a221fe526621693a4

 

This is extremely puzzling to me as the DB has been accessed and updated  (on the sign-up form)using the same config file as is used in the confirm page 

 

 

Below is the confirm page php code.

.

 

Server - localhost via UNIX socket

MYSQL Server type

Server Version 5.5.35 MySQL community Server (GPUL

Server chardet UTF-8 Unicode

 

Web server Apache /2.4.6 (Unix)

 

The DB has two tables:

users - fields id, email,password,active;

confirm - id, userid, signupkey,email;

 

If further information is required, or the actual URL /IP address, to assist please notify me.

 

Thanking you in anticipation,

 

Nick

<?php

include_once 'includes/php/config.php';
include_once 'includes/php/functions_new.php';

?>

<?php
include 'signup/elements/header.php'; ?>

<?php

//setup some variables
$action = array();
$action['result'] = null;

//check if the $_GET variables are present
	
//quick/simple validation
if(empty($_GET['email']) || empty($_GET['signupkey'])){
	$action['result'] = 'error';
	$action['text'] = 'We are missing variables. Please double check your email.';			
}
		
if($action['result'] != 'error'){

	//cleanup the variables
	$email = mysql_real_escape_string($_GET['email']);
	$signupkey = mysql_real_escape_string($_GET['signupkey']);
	
	//check if the key is in the database
	$check_key = mysql_query("SELECT * FROM `confirm` WHERE `email` = '$email' AND `signupkey` = '$signupkey' LIMIT 1") or die(mysql_error());
	
	if(mysql_num_rows($check_key) != 0){
				
		//get the confirm info
		$confirm_info = mysql_fetch_assoc($check_key);
		
		//confirm the email and update the users database
		$update_users = mysql_query("UPDATE `users` SET `active` = 1 WHERE `id` = '$confirm_info[userid]' LIMIT 1") or die(mysql_error());
		//delete the confirm row
		$delete = mysql_query("DELETE FROM `confirm` WHERE `id` = '$confirm_info[id]' LIMIT 1") or die(mysql_error());
		
		if($update_users){
						
			$action['result'] = 'success';
			$action['text'] = 'User has been confirmed. Thank-You!';
		
		}else{

			$action['result'] = 'error';
			$action['text'] = 'The user could not be updated Reason: '.mysql_error();;
		
		}
	
	}else{
	
		$action['result'] = 'error';
		$action['text'] = 'The key and email is not in our database.';
	
	}

}


?>

<?= 
show_errors($action); ?>

<?php
include 'signup/elements/footer.php'; ?>

[mac_gyver]

it's likely that the complete error message (less any server specific account/path info in it) would provide additional information as to the problem or knowing at what point in your code that error is being produced.

 

best guess, either the path to your included file is different for this particular code and the database connection wasn't attempted or you are mixing using mysql functions in your code but your database connection is actually a mysqli connection, and your mysql_real_escape_string/mysql_query functions are actually trying to create a mysql connection using the default/empty database connection credentials.

 

to help pin down the problem, your generic die(mysql_error()) should actually include a text string identifying what was occurring when the code failed. was the code trying to make a database connection, was it trying to select a database, was it trying to run a query (and which query, i.e. echo the sql query being ran as well.)

[NickD]

mysql_connect('localhost', 'UserName', 'Password') or die("I couldn't connect to your database, please make sure your info is correct!");
mysql_select_db('DBName') or die("I couldn't find the database table () make sure it's spelt right!");

Hello mac_gyver,

thankyou for your prompt response.

 

The config file above has the db access lines  / die statements and neither error message shows.

 

In my ignorance I did not put the following piece of information in my original post:

Web Server Details

PHP extension: mysqli

 

So I think your point about mixing up mysqli connection and the MySQLdetails is spot on.

 

Could you explain where I have gone wrong and how I would go about remedying the situation please?

 

Kind Regards,

 

Nick

[mac_gyver]

all the code you have posted is using the same library of functions, mysql (no i), so this problem is not due to mixing one type of connection with a different type of query calls. just because you have the mysqli extension enabled, you must use the mysqli_ functions in your code to make use of it.

 

best guess is your include file isn't being included and you don't have a database connection at the point where the mysql_real_escape_string function is being used and the error is actually coming at that point (php attempts to make a mysql connection at any mysql statement if there isn't already a connection, but this usually fails since the default user/password that php uses for this is usually not set.)

 

start by making sure that php's error_reporting is set to E_ALL and display_errors is set to ON. you should actually have these set in your php.ini, but you can set them in your code, immediately after the first <?php tag.

[NickD]

Hello mac_gyver,

 

thankyou very much for the reply, you were right about the include file not being included, I put the confirm page in the lower level directory and it picked up the correct file path from there. DOH.

 

I've self learnt quite a few programming languages but this is the first web based one for me so it's all a bit new and I'm aware that at times I can't see the wood for the trees yet!

 

Your insight and patience are greatly appreciated.

 

Kind Regards,

 

Nick