Couldn't access to db with Zencart - mysql

Trying to copy a zencart website in another server, but after openning the right port and copying the database, i have this error while openning the url in an internet browser.
0 DB_ERROR_NOT_CONNECTED
in:
[select * from project_version WHERE project_version_key = 'Zen-Cart Database' ]
If you were entering information, press the BACK button in your browser and re-check the information you had entered to be sure you left no blank fields.
Does'nt anyone already encounter this error ? Or have suggestion of how to solv this ?
Tx

Something in includes/configure.php is wrong. Check each of these values very carefully:
define('DB_PREFIX', '');
define('DB_SERVER', 'localhost');
define('DB_SERVER_USERNAME', '');
define('DB_SERVER_PASSWORD', '');
define('DB_DATABASE', '');
You likely have a typo in one of them, or perhaps you forgot to specify the prefix.

For anyone which encounter the same problem.
It comes from the fact that the password were saved in an old format on mysql.
You should migrate them to the new format to solv this issue:
update user set password=password('<my_password>') where user = '<my_user>';
flush privileges;

Related

How to fix password related issue in mysql

While setting up password for mysql i used the wrong code
update mysql.user set password=PASSWORD=('password') where user='root';
Here PASSWORD has been set to a value which i am not able to identify .I have tried safe mode recovery too,but the problem is not being solved.How to rectify this?
                      
I have tried safe mode recovery,but there also the old password was required.
We can work this out by reproducing the problem in a toy example:
CREATE TABLE Foo (Bar TEXT);
INSERT INTO Foo VALUES("Hello world");
SELECT * FROM Foo;
UPDATE Foo SET Bar=BAR=('password');
SELECT * FROM Foo;
(live demo)
The first SELECT shows us Hello world; the second shows us 0. So, for whatever reason, the mistaken expression BAR=('password') resulted in 0. Therefore I believe the hash of your password is 0.
Trouble is, this doesn't really help you, because you'd need to know the password that maps to said hash — and it's likely that there isn't one.
You should just reset the root password, by spinning up the server with the --skip-grant-tables switch (disabling auth checks), then log in and set your password properly (ref). Be sure to restart it in "normal" mode afterwards, because that switch is dangerous! In fact, I suggest closing your firewall to incoming MySQL connections for the duration of the task.

Symfony2 error: Unknown database

I have a db that I'm calling "my_db". I'm trying to connect to it with Symfony2, but it keeps telling me this:
"Unknown database: "MY_DB"
What I did:
First I tried to modify the config.yml, and parameters.yml, to change the db name, since it seems to be in capitals in the error and the db name really isn't. The name in the config.yml was already in lowercase, but in parameters.yml(which I don't even use for this) it was in capitals. I changed it to make sure, but nope.. Nothing. Still same error. And yes, I cleared the cache.
Then I changed the actual mysql-database name to uppercase in phpmyadmin: "my_db" to "MY_DB", and tadaa: it worked!
Wait But Why?
There is something I'm missing here, since the names are all correct in the settings, but the problem didn't go away until I changed the database name to match the name in the error.
First it didn't work and I didn't know why. Now it works and I don't know why.
I need to know why this happens, so that nothing weird happens when I go to production later.
It's not a problem of Symfony or Doctrine, it's a problem at the database level, somehow your database is case sensitive, I think there's a way to change that by setting the lower_case_table_names system variable, read more about it here : http://dev.mysql.com/doc/refman/5.6/en/identifier-case-sensitivity.html

Cannot find the object because it does not exist

I did spend an hour searching before I posted about this problem.
The table does exist and I can query that table and I can see the resultset but when i try to execute from Visual Studio 2008 I get the below error:
Cannot find the object "Products" because it does not exist or you do not have permissions
Why does this error occur and what should I do to resolve it?
using (System.Data.SqlClient.SqlCommand cmd = connection.CreateCommand() as System.Data.SqlClient.SqlCommand)
{
cmd.CommandText = "SET IDENTITY_INSERT Products ON";
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
}
I tried specifying dbo.Products and before executing I also tried use dbname but that did not help.
after spent few hours and lost few hairs i found that the problem was in the connection strings (but this is still did not convence me) and as i said in question i was not having any issues but suddenly its pop-up and i havent change anything (who knows what dba have changed)
so I try tweak my connection string instead, and it does make a string
to see if it makes a difference: and it does.
c.Provider = 'sqloledb'
dsn = 'Server=MyServer;Database=MyDB;Trusted_Connection= Yes'
c.Open(dsn)
the only thing i have added to my connection string is Trusted_Connection= Yes
PS: SET IDENTITY_INSERT remains on for your session until
you turn it off, and it can only be on for one table at a time
Hope this will help others...
The error is happening because you haven't set a database context yet. If you added "use (dbname) go " (with your database name) to the start of the query it would work.
[edit]
Sorry didn't spot that you'd tried that. Maybe your connecting to the wrong server? Try changing the query in code to "create table argh (argh int)" and check it fails the second time. Then track down where it created it!

MySQL credentials/hosts variables best practices

I want to know what is the best practice or what is recommended to do when a variables are created for MySQL credentials/host.
define('HOST', 'localhost');
// etc..
mysql_connect(HOST, // etc...
vs
$host = 'localhost';
// etc..
mysql_connect($host, // etc...
For both you can easily check what are the declared variables or constants and maybe can find what are the value easily. I have code that multiple users can share and use.
What is the best way to protect these variables?
Here's few solutions
1) You give each user a user and password and each user has their permissions in the database (only select, or insert ect..). So in your code you simply include a db.config.php so all the variables are set. It does not really matter if the user echo the variables since they use their own.
2) you can give a common username/pass for the database and then encode the file (either using custom encoding, zend optimizer or ioncube and unset the variables. Here's a sample code:
// file mysql_connect.php
$link = mysql_connect("localhost", "mysql_user", "mysql_password")
or die("cannot connect to database : " . mysql_error());
// then this file is encoded so nobody can view it.
3) At some point, someone, somehow will be able to find this information. I would simply recommend to trust your user (assuming these are developers)
At some point in your code you will have to hardcode this kind of information, the important thing is to keep it in only one place to promote maintanability.
However, as you are worried about security I suggest you to check this: Convert PHP file to binary

Login Server Side Logic

This question has more to do with how I am setting up my server side code for a simple login script. I'm interested in the best way to achieve my goal, which is of course to verify a users username and password against a database and present them with either a successful login, a registration page, or a username or password found, but the alternative is wrong.
Right now, I have it set up where my sql query scans the database for both the user and pass:
SELECT * FROM test WHERE userName='" + userName + "' AND pass='" + password + "'"
Problem with this approach is it either returns a true or false...I cannot tell if one of the inputs was correct and the other wasn't. It either finds the record, or it doesn't.
So I could query based on the username alone, and if found check the record for the correct password before passing the user onto a successful login. That way I know if the password is wrong, but I have no idea if the password is right and the user simply types the wrong username.
Alternatively, I could extend on that, and if the user isn't found, requery the database based on the password and determine if I can find a record but the username doesn't match. It seems like a lot of back and forth with the database, which is fine. But i'd like to hear from some experts on whether or not this is a proper approach.
I have not much idea wether stored procedure is supported in my sql or not. If it is supported then you can make SP like this way to check all cases. Below is code for MSSQL, you can check it with my sql :
IF EXISTS(SELECT [id] FROM [dbo].[users] WHERE [user_name] = #user_name AND [password] = #password)
BEGIN
SELECT 1 AS RETURNVAL --Valid User
END
ELSE IF NOT EXISTS(SELECT [id] FROM [dbo].[users] WHERE [user_name] = #user_name)
BEGIN
SELECT 0 AS RETURNVAL -- User doesn't exist
END
ELSE
BEGIN
SELECT -1 AS RETURNVAL -- Password Not Correct
END
You don't want to disclose too many information to people with bad intents trying to probe your system for available usernames (or even – god forbid – passwords that are in use).
When a login attempt failed, simply display a message stating:
Username and/or password mismatch.
As an aside, use prepared statements, rather than string concatenation when working with your database; it protects you from SQL injection attacks.
Plus – although it's not entirely clear from your code snippet – don't store plain passwords or plain password hashes. Rely on one of the many available and well tested encryption/hashing libraries e.g. PHP's crypt function (make sure you select a proper hashing function such as SHA512).
Your code in the most simplest form would then look like this:
// coming from your login page
$dbh = new PDO(…);
$sth = $dbh->prepare('SELECT `digest` FROM `users` WHERE `name` = :name LIMIT 1');
$sth->prepare(array( ':name' => $_POST['username'] ));
$result = $sth->fetch();
if($result !== FALSE && crypt($_POST['password'], $result['digest']) === $result['digest']) {
printf('You logged in successfully as %s', htmlspecialchars($_POST['username']));
} else {
echo 'Sorry, username and/or password did not match! Please try again.';
sleep(1);
exit;
}