averagecoder Posted March 6, 2017 Share Posted March 6, 2017 (edited) I have Apache, PHP, and Postgres all installed on one CentOS 7.3. I have a .PHP script that does not use interactive user input that successfully connects to the Postgres database. So I know PHP and Postgres work. I now want to create new .PHP files for front end web development. I want a web page that accepts user input then uses that input as credentials to log into the database.I am trying to get the PHP page to take the credentials to then authenticate to a Postgres database. I use this PHP script (called a.php) to request the credentials from the front end: <!DOCTYPE HTML> <html> <body> <form action="welcome.php" method="post"> Name: <input type="text" name="name"><br> E-mail: <input type="text" name="email"><br> <input type="submit"> </form> <!DOCTYPE HTML> <html> <body> I use this PHP script named welcome.php (it was based on a TutorialsPoint example so "email" will be the password in this code): echo "Favorite name is " . $_POST["name"] . ".<br>"; echo "Favorite email is " . $_POST["email"] . "."; $host = "host=poda"; $port = "port=5432"; $dbname = "dbname=foobar"; $credentials = "user=" . $_POST["name"] . " password=" . $_POST["email"]; echo " "; echo $credentials; //I am certain the correct credentials are being used. echo " "; $db = pg_connect( "$host $port $dbname $credentials" ); if(!$db){ echo "Error : Unable to open database\n"; } else { echo "Opened database successfully\n"; } $sql =<<<EOF CREATE TABLE COMPANY (ID INT PRIMARY KEY NOT NULL, NAME TEXT NOT NULL, AGE INT NOT NULL, ADDRESS CHAR(50), SALARY REAL); EOF; $ret = pg_query($db, $sql); if(!$ret){ echo pg_last_error($db); } else { echo "Table created successfully\n"; } pg_close($db); echo $name ?> I have now posted the first PHP file (a.php) and the subsequent welcome.php file. Therefore my code is all on this post that I want to get to work. The credentials I input into the web page work when I use those credentials hard-coded into this PHP script.Here is the standalone script that does not accept user input; it works on the back end from a Linux prompt with "php standalone.php": <?php $host = "host=poda"; $port = "port=5432"; $dbname = "dbname=foobar"; $credentials = "user=jdoe [email protected]"; $db = pg_connect( "$host $port $dbname $credentials" ); if(!$db){ echo "Error : Unable to open database\n"; } else { echo "Opened database successfully\n"; } $sql =<<<EOF CREATE TABLE COMPANY (ID INT PRIMARY KEY NOT NULL, NAME TEXT NOT NULL, AGE INT NOT NULL, ADDRESS CHAR(50), SALARY REAL); EOF; $ret = pg_query($db, $sql); if(!$ret){ echo pg_last_error($db); } else { echo "Table created successfully\n"; } pg_close($db); ?> (Whenever I run the script above, I subsequently drop the table that it created.) Ports 80 and 5432 are open on the CentOS server between the Windows computer with a web browser. I tested the port and the IP address. I created a firewall rule to block it. Then I unblocked it. I can say that the relevant ports are open between the web browser and the CentOS server that runs Apache, PHP, and Postgres.When I open a web browser on a Windows computer and go to the PHP page, I enter the correct credentials into the PHP page. I see this error after I click submit Error : Unable to open database. What can I do to have the "welcome page" show a successful authentication to the Postgres database? The credentials are known to work. Edited March 6, 2017 by averagecoder Quote Link to comment https://forums.phpfreaks.com/topic/303364-php-and-postgres-why-would-i-get-%E2%80%9Cerror-unable-to-open-database-%E2%80%9D-when-the-credentials-are-correct/ Share on other sites More sharing options...
Jacques1 Posted March 6, 2017 Share Posted March 6, 2017 We can speculate all day long about what might be wrong, but I suggest you just look it up. Open the error log and look for warnings which say something like Warning: pg_connect(): Unable to connect to PostgreSQL server: ... If there are no warnings, make sure your error reporting is turned all the way up. The whole approach is ill-advised, though. When you insert the user input into the connection string, those users can mess with the connection parameters (maybe even by accident), execute arbitrary SQL commands, see what files exist on your server etc. You don't want that. Why are users even supposed to have their own database credentials? Quote Link to comment https://forums.phpfreaks.com/topic/303364-php-and-postgres-why-would-i-get-%E2%80%9Cerror-unable-to-open-database-%E2%80%9D-when-the-credentials-are-correct/#findComment-1543799 Share on other sites More sharing options...
averagecoder Posted March 7, 2017 Author Share Posted March 7, 2017 I want to know which users modified the database tables. I have a website that allows users to log in from anywhere in the world. I cannot let anyone access the database and delete records.How do I make sure reporting is turned all the way up?Which logs do I look in? Quote Link to comment https://forums.phpfreaks.com/topic/303364-php-and-postgres-why-would-i-get-%E2%80%9Cerror-unable-to-open-database-%E2%80%9D-when-the-credentials-are-correct/#findComment-1543868 Share on other sites More sharing options...
Jacques1 Posted March 7, 2017 Share Posted March 7, 2017 I cannot let anyone access the database and delete records. You haven't understood the question. I'm asking why each user gets his own database and server role. This is extremely unusual and only makes sense if all users are database administrators who need direct access to the database server (which would also be unusual). Normally, users have an account within the application, and there's just one database and role. This forum has thousands of users. That certainly doesn't mean we all have our own credentials to the database server. We just have an application account. How do I make sure reporting is turned all the way up? By checking the PHP configuration. If you don't know where that is, ask the server admin or use Google. Which logs do I look in? The PHP error log. If you don't know where that is, ask the server admin or use Google. Quote Link to comment https://forums.phpfreaks.com/topic/303364-php-and-postgres-why-would-i-get-%E2%80%9Cerror-unable-to-open-database-%E2%80%9D-when-the-credentials-are-correct/#findComment-1543879 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.