Jump to content


Photo

password/user for mysql


  • Please log in to reply
8 replies to this topic

#1 khefner

khefner
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 25 December 2005 - 06:20 AM

I am trying to get a php script to access a mysql database for a website I administer. Mysql is installed and working on the website server. I also have access to PHPMyAdmin application. Here is what I get when I connect to my php file using a web browser:

Connected to MySQL
MySQL server version: 3.23.58
MySQL host info: Localhost via UNIX socket
Error creating database: Access denied for user: 'wjw-admin@localhost' to database 'my_db'



Here is the code from my php file
<html>

<body>

<?php

$db = mysql_connect('localhost', 'user', 'password')

or die("Unable to connect to MySQL");
print "Connected to MySQL<br>";

printf("MySQL server version: %s\n", mysql_get_server_info());

printf("MySQL host info: %s\n", mysql_get_host_info());


$sql = 'CREATE DATABASE my_db';
if (mysql_query($sql, $db)) {
echo "Database my_db created successfully\n";
} else {
echo 'Error creating database: ' . mysql_error() . "\n";
}

?>

</body>

</html>

I edited my code posted here for the user and password. That is really my first question; I am not really sure what to use for my user and password. I have a admin account for MySQL (I can change this on my admin control panel) but I dont think thats the password to use. (Thats what I use when I get the error above) I thought the password could be set with PHPMyAdmin but I could not find how to do that in the documentation. So basically I have a feeling my problem is that I am not using the right user/password, but I dont know how to look them up or create them. Thanks,
Hef


#2 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 25 December 2005 - 01:53 PM

Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

Hope that helps.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#3 khefner

khefner
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 26 December 2005 - 04:21 PM

[!--quoteo(post=330313:date=Dec 25 2005, 08:53 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 25 2005, 08:53 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Adding new users is not done via PHPMyAdmin -- it's usually available from a "MySQL Databases" (or something similar) in your webhost's control panel (cPanel, Plesk, etc.). BTW, it's possible that even with a valid user/pass, you can still get this error -- see the relevant [a href=\"http://dev.mysql.com/doc/mysql/en/Access_denied.html\" target=\"_blank\"]refman page[/a] for more info.

Hope that helps.
[/quote]


Yes thanks Fenway, I was able to retrieve data from the database so I know my log in must be working.
A question regarding security using a "log in screen".

Right now I have the user and password part of the php script. So how is that secure? When the page opens, the connection is made. Thanks,
Kevin

#4 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 27 December 2005 - 05:24 AM

I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#5 khefner

khefner
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 31 December 2005 - 11:17 PM

Thanks, I have the security figured out I think. Using my admin control panel, I password protected the directory that has the php files in it.


#6 khefner

khefner
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 02 January 2006 - 05:00 PM

[!--quoteo(post=330573:date=Dec 27 2005, 12:24 AM:name=fenway)--][div class=\'quotetop\']QUOTE(fenway @ Dec 27 2005, 12:24 AM) View Post[/div][div class=\'quotemain\'][!--quotec--]
I assume you mean a user login page -- that is used to authenticate _application_ users, not database users (although there could be some overlap). Obviously, to check their credentials, you'll need to read their DB record, so you'll have to have made a connection already. The user/pass to your DB is only as safe as your FTP access / control panel access.
[/quote]

Well I am still a little unclear about the user set up for mysql.
Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.
I am using my admin mysql login and password to connect to the database and gain full privelegdes.
I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?
The version of mysql is 3.23.58
Thanks,
Hef

#7 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 02 January 2006 - 05:46 PM

This can be acheived with MySQL GRANT statements; I believe that PHPMyAdmin has a "privileges" page as well with a GUI to these options too.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#8 khefner

khefner
  • Members
  • PipPip
  • Member
  • 22 posts

Posted 03 January 2006 - 04:45 PM

[!--quoteo(post=332484:date=Jan 2 2006, 12:00 PM:name=Hef)--][div class=\'quotetop\']QUOTE(Hef @ Jan 2 2006, 12:00 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Well I am still a little unclear about the user set up for mysql.
Right now, I am able to connect, insert, and retrieve data from the mysql database using PHP.
I am using my admin mysql login and password to connect to the database and gain full privelegdes.
I know this is not a desirable situation for security reasons etc, so my question is, how do I create DB users (for a specific database) with specific privelegdes? Anotherwords I may only want them to be able to perform certain commands. (insert etc) Can I do this using PHPADMIN utility?
The version of mysql is 3.23.58
Thanks,
Hef
[/quote]

Well I will have to look into doing it with grant statements. I dont think my version of phpmyadmin (phpMyAdmin 2.6.0-pl3 ) has the "priviligdes feature". (Although I agree with you it exists!)
I have looked all over the application and I find nothing regarding privilegdes and users.
Thanks,
Hef

#9 fenway

fenway
  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • LocationToronto, ON

Posted 03 January 2006 - 06:22 PM

Guess so... MySQL 5 has an CREATEUSER() command, I think. Just remember that even to _create_ a new database you need to correct GRANT privilege (e.g. CREATE) before you can "create" it!
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users