[SOLVED] How to get rid of :"Warning: mysql_connect() [function.mysql-connect]: Access

[divadiva]

I have declared a session for username and password from user table.

 

//Session Variables	for username and password
$_SESSION['user'] = $u_row['username'];//username value from table user ,which is stored in a session
$_SESSION['password'] = $u_row['password'];

 

I am using the session in

 

if($super_pass) {
	// user supadmin login


	$cfgServer['user'] = $_SESSION['user'];//session user
	$cfgServer['password'] = $_SESSION['password'] ;//session password

	$GLOBALS['link'] = mysql_connect( $cfgServer['host'] , $cfgServer['user'] , $cfgServer['password'] );

	$globvars['dblog'] = $dbsup ;
}

 

But whenever I run the page,it asks for database password.When I enter the session password it doesnt work.Instead I get this error :"Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'xyz'@'localhost' (using password: YES) in /var"

[JonnoTheDev]

This is obviously the incorrect username and password to connect to your database.

Are you sure you are not using a website user's username and password in the connection string rather than the database username/password?

[The Little Guy]

Use this as your stepping stones:

 

$dbHost = "localhost";        //Location Of Database usually its localhost
$dbUser = "xxxx";            //Database User Name
$dbPass = "xxxx";            //Database Password
$dbDatabase = "xxxx";       //Database Name

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); 

[divadiva]

Thanks for replying.

 

Website username is stored in the database in the user table.I am trying to store that username and password in session.Just to avoid the database prompt screen(report generation) for specific group of users.

 

 

 

 

[divadiva]

If I use this

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

my conenction dies.

 

My main goal is to check whether my session password matches the database password.Thats the reason I have created session which stores the database value.

 

Here is the page where session are declared.

 

<?/*?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML> 
  <HEAD> 
 <TITLE></TITLE> 
<% */ function pfoc() { %>
<SCRIPT TYPE="text/javascript" LANGUAGE="Javascript">
function placeFocus() {
  for (i = 0; i < document.main.length; i++) {
  	if (document.main.elements[i].name == "super_pass" && document.main.elements[i].type == "password") {
		document.main.elements[i].focus();
		break ;
  	}
  }
} 
</SCRIPT>
<% } /* %>
  </HEAD> 
  <BODY>
  <%*/
globvars('username','password','do');
global $globvars; extract($globvars) ;
session_start(); 
$globvars['session_id'] = session_id();


// get host
if (isset($HTTP_HOST)){
$globvars['host']=$HTTP_HOST;
}
else {
$globvars['host']=$_SERVER['HTTP_HOST'];
}

// get page name
if (isset($PHP_SELF)){
$page=$PHP_SELF;
}
else {
$page=$_SERVER['PHP_SELF'];
}
if(strrpos($page,'/')) {
$page = substr( $page , strrpos($page,'/')+1 );
}
$globvars['page']=$page;

opendb();

function verify($filename) {
global $globvars; extract($globvars) ;
$stamp = date("Y-m-d H:i:s");
$globvars['login']['user'] = null ;
$globvars['login']['email'] = null ;
$globvars['login']['message'] = null ;
$globvars['login']['types'] = null ;
$globvars['login']['pages'] = null ;
$globvars['login']['name'] = null ;


if($filename) {
	$string = "SELECT * FROM `pages` WHERE `filename` = '$filename'";
	$query= mysql_query("$string");
	if(mysql_num_rows($query)) {
		$t_row = mysql_fetch_array($query);
		$utallow = $t_row['user_types'];

		if( ( $do == 'logout' ) && $session_id ) {
			$string = "UPDATE `users` SET `session` = '' WHERE `session` = '$session_id' LIMIT 1";
			mysql_query("$string");
			$globvars['login']['message'] = 'You are logged out';
		}

		elseif($do=='login') {
			if($username && $password) {
				// check user
				$string = "SELECT * FROM `users` WHERE `username` = '$username' AND `password` = '$password'";
				$check = mysql_query("$string");
				if(mysql_num_rows($check)) {
					// user found
					$u_row = mysql_fetch_array($check);
					$string = "UPDATE `users` SET `session` = '$session_id', `lastlogin` = '$stamp' WHERE `username` = '$username' LIMIT 1";
					mysql_query("$string");
					setcookie("username", $username, time()+60*60*24*365);
					$globvars['login']['message'] = 'Welcome ' . $u_row['forename'] . ' ' . $u_row['surname'] . ', you are logged in.' ;
					$globvars['login']['user'] = $u_row['username'] ;

					//Session Variables	for username and password

					$_SESSION['user'] = $u_row['username'];
					echo "username is ".$_SESSION['user'];
					$_SESSION['password'] = $u_row['password'];

					$globvars['login']['name'] = $u_row['forename'] . ' ' . $u_row['surname']  ;
					$globvars['login']['email'] = $u_row['email'] ;
					// run cleanup
					cleanup();
					// check user types
					getutype($utallow,$u_row['utypes']) ;
				}
				else {
					$globvars['login']['message'] = 'Error: Invalid username or password' ;
				}
			}
			else {
				$globvars['login']['message'] = 'Error: Enter username and password' ;
			}
		}

		elseif($session_id) {
			// check if logged in
			$string = "SELECT * FROM `users` WHERE `session` = '$session_id' ";
			$check = mysql_query("$string");
			if(mysql_num_rows($check)==1) {
				// found already logged in
				$u_row = mysql_fetch_array($check);		
				$globvars['login']['user'] = $u_row['username'] ;

				// Session Variables for username and password

				$_SESSION['user'] = $u_row['username'];
				//echo "username <b> "	.$_SESSION['user'] ;
				$_SESSION['password'] = $u_row['password'];

				//echo "</t></b> password  <b>".$_SESSION['password'];

				$globvars['login']['name'] = $u_row['forename'] . ' ' . $u_row['surname']  ;
				$globvars['login']['email'] = $u_row['email'] ;
				// check user types
				getutype($utallow,$u_row['utypes']) ;
			}
		}
	}
}

}

function getutype($utallow,$utypes) {
global $globvars;
if(!$utallow) {
	// all users allowed
	$globvars['login']['types'] = $utypes ;
}
else {
	// loop types to find match
	$utallow_arr = explode(',',$utallow);
	foreach($utallow_arr as $utcheck) {
		if( $utcheck && substr_count( (','.$utypes.',') , (','.$utcheck.',') ) ) {
			$globvars['login']['types'] = $utypes ;
			break ;
		}
	}
}
// get general auths
$string = "SELECT * FROM `gen_authreq`";
$query = mysql_query("$string");
while($q_row = mysql_fetch_array($query)) {
	$thisa = $q_row['type'];
	$globvars['gen_authreq'][$thisa] = $q_row['authreq'] ;
}
}

function allow_types($check){
global $globvars; extract($globvars) ;
$utallow_arr = explode(',',$check);
foreach($utallow_arr as $utcheck) {
	if($utcheck) {
		if(substr_count( ','.$login['types'].',' , ','.$utcheck.',' )) {
			return 1 ;
			break ;
		}
	}
}
}

function login() {
globvars('edit','show','send');
global $globvars; extract($globvars) ;
%>
 <FORM METHOD="POST" ACTION="<%= $page ; %>"> 
	<TABLE BORDER="0" CELLPADDING="3" CELLSPACING="0"> 
	  <TBODY> 
		 <% if($login['message']) { %>
		 <TR> 
			<TD COLSPAN="2" STYLE="color:#ff0000;"><%= $login['message'] ; %></TD> 
		 </TR> 
		 <TR> 
			<TD COLSPAN="2" STYLE="color:#ff0000'"><IMG SRC="../images/blank.gif" ALT=" "
			  WIDTH="1" HEIGHT="5" BORDER="0"></TD> 
		 </TR> 
		 <% } %>
		 <TR> 
			<TD COLSPAN="2"><B>Please login</B></TD> 
		 </TR> 
		 <TR> 
			<TD COLSPAN="2"><IMG SRC="../images/blank.gif" ALT=" " WIDTH="1" HEIGHT="5"
			  BORDER="0"></TD> 
		 </TR> 
		 <TR> 
			<TD>Username</TD> 
			<TD> 
			  <INPUT TYPE="TEXT" NAME="username" VALUE="<%= $username; %>"
				MAXLENGTH="20"></TD> 
		 </TR> 
		 <TR> 
			<TD>Password</TD> 
			<TD> 
			  <INPUT TYPE="PASSWORD" NAME="password" MAXLENGTH="20"></TD> 
		 </TR> 
		 <TR> 
			<TD></TD> 
			<TD> 
			  <INPUT TYPE="SUBMIT" NAME="Submit1" VALUE="ENTER"> 
			  <INPUT TYPE="HIDDEN" NAME="do" VALUE="login"><% ihide('edit','show','send') ; %></TD>

		 </TR> 
	  </TBODY> 
	</TABLE> </FORM>
<%
}


/*%>
 <FORM>
<%*/ function superpw() {
%>
	<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0"> 
	  <TBODY> 
		 <TR> 
			<TD>Database Password</TD> 
			<TD>  </TD> 
			<TD> 
			  <INPUT TYPE="PASSWORD" NAME="super_pass" SIZE="20"></TD> 
			<TD>  </TD> 
			<TD> 
			  <INPUT TYPE="SUBMIT" NAME="Submit1" VALUE="GO"></TD> 
		 </TR> 
	  </TBODY> 
	</TABLE>
<%} /*%>
 </FORM>
<%*/

return;
%>
  </BODY>
</HTML>

[premiso]

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

 

That is not a good way to die. It does not tell you anything about the error.

 

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.<Br />Reason:" . mysql_error());

 

That will at least tell you which is wrong, user or password. Although it is probably a good idea to remove that error when in production, for testing that is good to have.

 

To answer your question I would print out what the session password is. It could be that maybe you are using an odd character that is getting escaped so that when it is entered into session instead of being, for example just a '  it is now \'  to escape the quote. Which would throw the error.

 

Print out your session variables and make sure that they are what they should be and did not get messed up somewhere along the line. If they did get messed up track to where you define the variables and see how they would have got messed up.  You may also want to www.php.net/trim the values before assigning as there could be an extra whitespace throwing it off also.

[divadiva]

I got the problem.I was using different password .Changing password did the trick.