Jump to content
xisto Community
EinReaper

Php Myadmin cant access mysql database

Recommended Posts

I have installed XAMPP on my computer.Everything works fine, but when I enter PHPMyAdmin I get this warning: "Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole."So I've changed the password to the root account, but then I couldn't access the mysql databases anymore with PHPMyAdmin (I received an error that the access was denied). I could change the structures only in php with the mysql_connect command.Then I had to reset the root password and now I'm back at square 1.So my question is this: how can I change the root password and still be able to access the mysql database with PHPMyAdmin?

Share this post


Link to post
Share on other sites

Try accessing the Security page in the default localhost directory: xampp by accessing http:localhost/ in your Browser.The basic installation has a Security link that may have some information.

Share this post


Link to post
Share on other sites

By the sound of it, phpMyAdmin is remembering your root password (or rather, remembering there isn't one). If you are storing the password in the configuration file then you will need to open that configuration file, look for the line where the password is stored, and change it to match whatever you've changed it to with MySQL.

Share this post


Link to post
Share on other sites

By the sound of it, phpMyAdmin is remembering your root password (or rather, remembering there isn't one). If you are storing the password in the configuration file then you will need to open that configuration file, look for the line where the password is stored, and change it to match whatever you've changed it to with MySQL.

Yes, open the config file, and change the password. I too had the same problem.?XAMPP?does?store?password?in?config?file. That is XAMPP has changed the default mechanism of phpMyAdmin. I think so.?Another?thing?is?that XAMPP installation creates 3 php config files. So don't be frustrated if you change some setting and don't get the expected result. Just find the one which does the work. I did it through trial and error. Edited by pasten (see edit history)

Share this post


Link to post
Share on other sites

On the other hand, if you are using XAMPP only for local testing, without anyone "from the outside" accessing your computer, having a secure phpMyAdmin account isn't really that necessary. But if one of the solutions posted above does work - stick to it. Better safe that sorry :)

Share this post


Link to post
Share on other sites

^ At some point I do plan to move my work on the www so I had to resolve this security measure.Thanks for all your replies. It turns out that I did, in fact, had to edit the configuration file.If anyone else has this problem: the configuration file is C:\xampp\PhpMyAdmin\config.inc.php and you need to add the password to this line: $cfg['Servers'][$i]['password'] = '';Instead of C:\xampp you should choose the directory where you have installed xampp; I'm not sure, but this should work for EasyPhp as well.

Share this post


Link to post
Share on other sites

Glad to see you've solved the issue, i have a little info that might help understand why you get the error message and why it doesnt always matter!Basically as said PMA (PhpMyAdmin) notices that you have a root account with FULL privileges and NO password. meaning if your server was online any attacker could very easily delete your databases, edit them etc.... because there is no password and the account has full privileges. For testing on a local server i wouldnt worry too much, just make sure you use a good firewall (you should anyway really!) to stop people gaining access to your DBs or your system. if you want to use another account on PMA just go to privileges (on the main page) and "add new user" from there just type in the new username and password. You can also then select the privileges of that user. For example you might have a PHP script where you want to ONLY select data from a DB (perhaps for a login or something) so you can have a restricted user that only has SELECT privileges, so even if an attacker used SQL injections they would never be able to delete or edit your databases because that user cannot do anything except read the databases. I dont know if that made sense or not but i hope it did! It also helps to create users that are the same as the ones on your real host so that when error-checking or editing scripts you dont have to worry about changing the username/password in the script

Share this post


Link to post
Share on other sites
php and myadmin connection problemsPhp MyadminI'm having a problem in my connections when I access my database..I don't know whats wrong with my script Heres the script:<?phpSession_start();Switch (@$_POST['Button']){ case "Login": include("dbstuff.Inc"); $cxn = mysqli_connect($host,$user,$password,$database) or die("Query died: connect"); $sql = "SELECT user_name FROM customer WHERE user_name='$_POST[fusername]'"; $result = mysqli_query($cxn,$sql) or die("Query died: fuser_name"); $num = mysqli_num_rows($result); if($num > 0) { $sql = "SELECT user_name FROM customer WHERE user_name='$_POST[fusername]' AND password=md5('$_POST[fpassword]')"; $result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword"); $num2 = mysqli_num_rows($result2); if($num2 > 0) //password matches { $_SESSION['auth']="yes"; $_SESSION['logname'] = $_POST['fusername']; header("Location: secretpage.Php"); } else //pass does not match { $message_1="The Login Name, '$_POST[fusername]' exists, but you have not entered the correct password! PLEASE TRY AGAIN."; $fusername = strip_tags(trim($_POST[fusername])); include("form_login_reg.Inc"); } } elseif($num == 0) { $message_1 = "The UserName you entered does not exist! PLEASE TRY AGAIN!"; include("form_login_reg.Inc"); }Break;Case "Register":/*check for blanks */ foreach($_POST as $field => $value) { if ($field != "fax") { if ($value == "") { $blanks[] = $field; } else { $good_data[$field] = strip_tags(trim($value)); } }}If (isset($blanks)){ $message_2 = "The following fields are blank. Please ENTER the required Information: "; foreach($blanks as $value) { $message_2 .="$value, "; } extract($good_data); include("form_login_reg.Inc"); exit();}/*validate data */Foreach($_POST as $field => $value){ if(!empty($value)) { if(preg_match("/name/I",$field) and !preg_match("/user/I",$field) and !preg_match("/log/I",$field)) { if (!preg_match("/^[A-Za-z' -]{1,50}$/",$value)) { $errors[] = "$value is not a valid name. "; } } if(preg_match("/street/I",$field) or preg_match("/addr/I",$field) or preg_match("/city/I",$field)) { if(!preg_match("/^[A-Za-z0-9.,' -]{1,50}$/",$value)) { $errors[] = "$value is not a valid address or city. "; } } if(preg_match("/state/I",$field)) { if(!preg_match("/^[A-Z][A-Z]$/",$value)) { $errors[] = "$value is not a valid state code."; } } if(preg_match("/email/I",$field)) { if(!preg_match("/^._@.+..+$/",$value)) { $errors[] = "$value is not a valid email address."; } } if(preg_match("/zip/I",$field)) { if(!preg_match("/^[0-9]{5,5}(-[0-9]{4,4})?$/",$value)) { $errors[] = "$value is not a valid zipcode."; } } if(preg_match("/phone/I",$field) or preg_match("/fax/I",$field)) { if(!preg_match("/^[0-9)(xX -]{7,20}$/",$value)) { $errors[] = "$value is not a valid phone number. "; } } }}Foreach($_POST as $field => $value){ $$field = strip_tags(trim($value));}If(@is_array($errors)){ $message_2 = ""; foreach($errors as $value) { $message_2 .= $value. "PLEASE TRY AGAIN"; } include("form_login_reg.Inc"); exit();}/*check if username already exists */Include("dbstuff.Inc");$cxn = mysqli_connect($host,$user,$password,$database) or die("Couldnt connect to server");$sql = "SELECT user_name FROM customer WHERE user_name='$user_name'";$result = mysqli_query($cxn,$sql) or die("Query died: user_name.");$num = mysqli_num_rows($result);If($num > 0){ $message_2 = "$user_name already used. Select another username."; include("form_login_reg.Inc"); exit();}Else{ $today = date("Y-m-d"); $sql = "INSERT INTO customer (user_name, create_date, password,first_name,last_name,street,city,zip,phone,fax,email) VALUES ('$user_name','$today',md5('$password'),'$first_name', '$last_name', '$street', '$city','$state','$zip', '$phone','$fax','$email')"; mysqli_query($cxn,$sql); $_SESSION['auth']="yes"; $_SESSION['logname'] = $user_name;/*SEND EMAIL TO NEW CUSTOMER*/ $emess = "You have successfully registered. "; $emess .= "Your new username and password are: "; $emess .= "andandt$user_nameandt"; $emess .= "$passwordandand "; $subj = "Your new customer registration"; $mailsend=mail("$email","$subj","$emess"); header("Location: secretpage.Php");}Break;Default: include("form_login_reg.Inc");}?>MY INCLUDE FILE FOR THE DATABSE ACCESS<?php $host = "localhost"; $user = "admin"; $password = ""; $database = "CustomerDirectory";?>I've doubled checked everything from fields and databse connections and bothing seems wrong, the error I'm getting is somwthing like this.Could not connect: access denied for user 'admin'@'localhost' (using password: YES)Something like that..Thnx..C:-question by aufweb02Keywords: access denied at database on .php myadmin

Share this post


Link to post
Share on other sites
php and myadmin connection problemsPhp MyadminI'm having a problem in my connections when I access my database..I don't know whats wrong with my script Heres the script:<?phpSession_start();Switch (@$_POST['Button']){ case "Login": include("dbstuff.Inc"); $cxn = mysqli_connect($host,$user,$password,$database) or die("Query died: connect"); $sql = "SELECT user_name FROM customer WHERE user_name='$_POST[fusername]'"; $result = mysqli_query($cxn,$sql) or die("Query died: fuser_name"); $num = mysqli_num_rows($result); if($num > 0) { $sql = "SELECT user_name FROM customer WHERE user_name='$_POST[fusername]' AND password=md5('$_POST[fpassword]')"; $result2 = mysqli_query($cxn,$sql) or die("Query died: fpassword"); $num2 = mysqli_num_rows($result2); if($num2 > 0) //password matches { $_SESSION['auth']="yes"; $_SESSION['logname'] = $_POST['fusername']; header("Location: secretpage.Php"); } else //pass does not match { $message_1="The Login Name, '$_POST[fusername]' exists, but you have not entered the correct password! PLEASE TRY AGAIN."; $fusername = strip_tags(trim($_POST[fusername])); include("form_login_reg.Inc"); } } elseif($num == 0) { $message_1 = "The UserName you entered does not exist! PLEASE TRY AGAIN!"; include("form_login_reg.Inc"); }Break;Case "Register":/*check for blanks */ foreach($_POST as $field => $value) { if ($field != "fax") { if ($value == "") { $blanks[] = $field; } else { $good_data[$field] = strip_tags(trim($value)); } }}If (isset($blanks)){ $message_2 = "The following fields are blank. Please ENTER the required Information: "; foreach($blanks as $value) { $message_2 .="$value, "; } extract($good_data); include("form_login_reg.Inc"); exit();}/*validate data */Foreach($_POST as $field => $value){ if(!empty($value)) { if(preg_match("/name/I",$field) and !preg_match("/user/I",$field) and !preg_match("/log/I",$field)) { if (!preg_match("/^[A-Za-z' -]{1,50}$/",$value)) { $errors[] = "$value is not a valid name. "; } } if(preg_match("/street/I",$field) or preg_match("/addr/I",$field) or preg_match("/city/I",$field)) { if(!preg_match("/^[A-Za-z0-9.,' -]{1,50}$/",$value)) { $errors[] = "$value is not a valid address or city. "; } } if(preg_match("/state/I",$field)) { if(!preg_match("/^[A-Z][A-Z]$/",$value)) { $errors[] = "$value is not a valid state code."; } } if(preg_match("/email/I",$field)) { if(!preg_match("/^._@.+..+$/",$value)) { $errors[] = "$value is not a valid email address."; } } if(preg_match("/zip/I",$field)) { if(!preg_match("/^[0-9]{5,5}(-[0-9]{4,4})?$/",$value)) { $errors[] = "$value is not a valid zipcode."; } } if(preg_match("/phone/I",$field) or preg_match("/fax/I",$field)) { if(!preg_match("/^[0-9)(xX -]{7,20}$/",$value)) { $errors[] = "$value is not a valid phone number. "; } } }}Foreach($_POST as $field => $value){ $$field = strip_tags(trim($value));}If(@is_array($errors)){ $message_2 = ""; foreach($errors as $value) { $message_2 .= $value. "PLEASE TRY AGAIN"; } include("form_login_reg.Inc"); exit();}/*check if username already exists */Include("dbstuff.Inc");$cxn = mysqli_connect($host,$user,$password,$database) or die("Couldnt connect to server");$sql = "SELECT user_name FROM customer WHERE user_name='$user_name'";$result = mysqli_query($cxn,$sql) or die("Query died: user_name.");$num = mysqli_num_rows($result);If($num > 0){ $message_2 = "$user_name already used. Select another username."; include("form_login_reg.Inc"); exit();}Else{ $today = date("Y-m-d"); $sql = "INSERT INTO customer (user_name, create_date, password,first_name,last_name,street,city,zip,phone,fax,email) VALUES ('$user_name','$today',md5('$password'),'$first_name', '$last_name', '$street', '$city','$state','$zip', '$phone','$fax','$email')"; mysqli_query($cxn,$sql); $_SESSION['auth']="yes"; $_SESSION['logname'] = $user_name;/*SEND EMAIL TO NEW CUSTOMER*/ $emess = "You have successfully registered. "; $emess .= "Your new username and password are: "; $emess .= "andandt$user_nameandt"; $emess .= "$passwordandand "; $subj = "Your new customer registration"; $mailsend=mail("$email","$subj","$emess"); header("Location: secretpage.Php");}Break;Default: include("form_login_reg.Inc");}?>MY INCLUDE FILE FOR THE DATABSE ACCESS<?php $host = "localhost"; $user = "admin"; $password = ""; $database = "CustomerDirectory";?>I've doubled checked everything from fields and databse connections and bothing seems wrong, the error I'm getting is somwthing like this.Could not connect: access denied for user 'admin'@'localhost' (using password: YES)Something like that..Thnx..C:-question by aufweb02Keywords: access denied at database on .php myadmin

Share this post


Link to post
Share on other sites

"Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole."Here is how to fix it:1. go to phpmyadmin;2. click on the database you want to change the pw to (onl left);3. click on "privileges";4. click on the "edit privileges" icon on the right of the root user for localhost.5. go to the "change password" block;6. tick the "password" radio button;7. enter password and re-type that password;8. tick: ... keep the old one.9. click "go";10. now go open a MySql Console from the WAMPSERVER menu;11. it will ask you for a pw ? just hit the return since you don't have one yet (next time you go to the console you'll need to enter the new pw that you'r entering here). type the following:UPDATE mysql.user SET Password=PASSWORD("xxxxxx")WHERE User="root";(where xxxxxx is the password you entered in the previous step).12. Now type: FLUSH PRIVILEGES;13. go to your WAMP or MAMP folder, find the APPS folder, and than click on your PHPMYADMIN folder ( e.g my folder called phpmyadmin2.11.6 ) and find the config.inc.php14. open config.inc.php with wordpad and find the following text:$cfg['Servers'][$i]['password'] = '';now add the password that you used in step number 3 like this :$cfg['Servers'][$i]['password'] = 'yourPasswordHere'; 15. now save this modification, and close config.inc.phpYou should be all set now!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.