password/user for mysql

[khefner]

I am trying to get a php script to access a mysql database for a website I administer. Mysql is installed and working on the website server. I also have access to PHPMyAdmin application. Here is what I get when I connect to my php file using a web browser:

 

Connected to MySQL

MySQL server version: 3.23.58

MySQL host info: Localhost via UNIX socket

Error creating database: Access denied for user: 'wjw-admin@localhost' to database 'my_db'

 

 

Here is the code from my php file

<html>

 

<body>

 

<?php

 

$db = mysql_connect('localhost', 'user', 'password')

 

or die("Unable to connect to MySQL");

print "Connected to MySQL<br>";

 

printf("MySQL server version: %s\n", mysql_get_server_info());

 

printf("MySQL host info: %s\n", mysql_get_host_info());

 

 

$sql = 'CREATE DATABASE my_db';

if (mysql_query($sql, $db)) {

echo "Database my_db created successfully\n";

} else {

echo 'Error creating database: ' . mysql_error() . "\n";

}

 

?>

 

</body>

 

</html>

 

I edited my code posted here for the user and password. That is really my first question; I am not really sure what to use for my user and password. I have a admin account for MySQL (I can change this on my admin control panel) but I dont think thats the password to use. (Thats what I use when I get the error above) I thought the password could be set with PHPMyAdmin but I could not find how to do that in the documentation. So basically I have a feeling my problem is that I am not using the right user/password, but I dont know how to look them up or create them. Thanks,

Hef

 

[fenway]

Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

 

Hope that helps.

[khefner]

[!--quoteo(post=330313:date=Dec 25 2005, 08:53 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 25 2005, 08:53 AM) 330313[/snapback][/div][div class=\'quotemain\'][!--quotec--]

Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

 

Hope that helps.

 

 

Yes thanks Fenway, I was able to retrieve data from the database so I know my log in must be working.

A question regarding security using a "log in screen".

 

Right now I have the user and password part of the php script. So how is that secure? When the page opens, the connection is made. Thanks,

Kevin

[fenway]

I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.

[khefner]

Thanks, I have the security figured out I think. Using my admin control panel, I password protected the directory that has the php files in it.

 

[khefner]

[!--quoteo(post=330573:date=Dec 27 2005, 12:24 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 27 2005, 12:24 AM) 330573[/snapback][/div][div class=\'quotemain\'][!--quotec--]

I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.

 

Well I am still a little unclear about the user set up for mysql.

Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.

I am using my admin mysql login and password to connect to the database and gain full privelegdes.

I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?

The version of mysql is 3.23.58

Thanks,

Hef

[fenway]

This can be acheived with MySQL GRANT statements; I believe that PHPMyAdmin has a "privileges" page as well with a GUI to these options too.

[khefner]

[!--quoteo(post=332484:date=Jan 2 2006, 12:00 PM:name=Hef)--][div class=\'quotetop\']QUOTE(Hef @ Jan 2 2006, 12:00 PM) 332484[/snapback][/div][div class=\'quotemain\'][!--quotec--]

Well I am still a little unclear about the user set up for mysql.

Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.

I am using my admin mysql login and password to connect to the database and gain full privelegdes.

I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?

The version of mysql is 3.23.58

Thanks,

Hef

 

Well I will have to look into doing it with grant statements. I dont think my version of phpmyadmin (phpMyAdmin 2.6.0-pl3 ) has the "priviligdes feature". (Although I agree with you it exists!)

I have looked all over the application and I find nothing regarding privilegdes and users.

Thanks,

Hef

[fenway]

Guess so... MySQL 5 has an CREATEUSER() command, I think. Just remember that even to _create_ a new database you need to correct GRANT privilege (e.g. CREATE) before you can "create" it!