I've been having some issues trying to log in as non-root users from a .php file onto phpMyAdmin.
I've set up a login form that uses the root user to check if the login that someone uses matches an entry in the mysql.User table and then stores the username and password as session variables which I'm using to try and log in to MySQL and perform user specific tasks later.
This is the code I'm having issues with:
$host = "localhost"; // Host name
$username = $_SESSION['myusername']; // Mysql username
$password = $_SESSION['mypassword']; // Mysql password
$db_name = "gcim"; // Database name
$tbl_name = "permissions"; // Table name
// Create connection
$conn = new mysqli($host, $username, $password, $db_name);
myusername and mypassword are just the session variables I've stored and they're set to the values exactly how they should be, "gcim" is the database I'm trying to access and "permissions" is the table
Trying to execute the code results in the following:
Warning: mysqli::mysqli(): (HY000/1045): Access denied for user 'BUT03'#'localhost' (using password: YES) in C:\xampp\htdocs\gcim\permissions\permissions.php on line 12
Connection failed: Access denied for user 'BUT03'#'localhost' (using password: YES)
I'm pretty sure that the issue isn't a wrong hostname, username or password because even if I change the connection line to:
$conn = new mysqli("localhost", "BUT03", "test", "gcim");
it still gives me the same error
Here's the setup of my mysql.User table:
http://puu.sh/dDxd3/5e25f315f4.png
Anyway, any help would be very much appreciated,
Thanks
EDIT: I've been experimenting and I've come to the conclusion that the ONLY way to get a successful login to MySQL is using the root account with no password, any attempt to log in with a password will give me the same error, as well as removing the password from a non-root account and trying to log in with no password which gives me the following error: Connection failed: Access denied for user ''#'localhost' to database 'gcim'
I have a feeling that there's some issue with the server settings, was I meant to change anything from the default phpMyAdmin settings?
EDIT: I just tried to log in to phpMyAdmin itself as 'BUT03'#'localhost' and I appear to have no privileges at all even though everywhere I can see I've granted all possible privileges to that account, could this be affecting anything and does anyone know what could be causing it?
I assume passowrds are saved not in plain text, but hashed. That would mean your hashed password is 'test', and you actual password is something unknown. Change your password to test with this function
SET PASSWORD FOR 'BUT03'#'localhost' = PASSWORD('test');
see:
http://dev.mysql.com/doc/refman/5.0/en/set-password.html
Related
Well, I'm using Ubuntu 20.04 and I have installed MySQL some months ago. Actually MySQL version is 8.0.30.
I'm trying to get in the mysql console, but it gives me that neither root nor my personal user have permissions on MySQL.
What I've already tried:
skip-grant-tables => One of the solutions was putting this option in one of the MySQL configuration files, and then alter the root password. but when I try to change the root password, it gives me that I'm using the skip-grant-tables option. After trying this, and of course, using flush privileges and restarting the service after changing it, I get:
ERROR 1396 (HY000): Operation ALTER USER failed for 'root'#'localhost'
alter user => I tried many commands with alter user like:
alter user 'root'#'localhost' identified by 'My_password';
alter user 'root'#'localhost' identified with native_mysql_password by 'My_password';
set password for 'root'#'localhost' = PASSWORD('My_password');
But all theses commands give the error ERROR 1396 (HY000): Operation ALTER USER failed for 'root'#'localhost'.
Put the right authentication_string => Yes, I had checked this column to the root user, and it still giving me the same thing:
ERROR 1045 (28000): Access denied for user 'root'#'localhost' (using password: YES)
No success at all. The last one even gives me a syntax error. But all this attempts gave me some information:
debian.conf => I did a cat in this file, and I found out that root user is not in there, even if it's in the Users table inside mysql database. But I can access mysql console with debian-sys-maint, using the password given in the file.
Permissions => I doesn't have any permissions with root.
root password => I have set the authentication_string to the root user inside users table to a very strong password, and even using it, I does not have permissions to enter mysql console.
Password validation => I have changed the global variables of password validation so I can change my password to a weak one. But when I restarted the MySQL service, it went back to the default configurations. It bothers me, but I can get along with it.
So what I'm looking for is: how can I give permissions to my root user access MySQL console? Should I recreate root user? Or is there another way to fix this?
EDIT1: PASSWORD function does not work for some reason.
EDIT2: I'm not able to create a root user. It gives me an error saying that I don't have permission to do so. It looks like mysql is not recognizing 'root' as a user. When I try "GRANT ALL" to 'root', it says that I don't have permission to create it, but it is already in the users table.
My company has a Perl application in server with IP : 10.10.3.39
And because of the new rule implemented, I must migrate the database to MySQL DB in server with IP : 10.10.1.18
My company DB administrator has create an account and grant the access for the apps with username : 'user'#'10.10.3.39'. So the account just can be used from server with IP 10.10.3.39
I tried the connection in the server using command mysql -h 10.10.1.18 -u user -p
[hanief#dev39 project]$ mysql -h 10.10.1.18 -u user -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 19484169
Server version: 10.0.15-MariaDB mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
I have a database connection script test_db.pm in Perl like this:
use DBI;
$user = "user";
$pw = 'password';
$dbh = DBI->connect("DBI:mysql:database=mysql;host=10.10.1.18;mysql_enable_utf8=1",$user, $pw, %attr) or die "Cannot connect to MySQL server\n";
And then, I tried to run it using command perl test_db.pm, I got this error
[hanief#dev39 project]$ perl test_db.pm
DBI connect('database=mysql;host=10.10.1.18;port=3306;mysql_enable_utf8=1','user',...)
failed: Access denied for user 'user'#'%' to database 'mysql' at test_db.pm line 6.
Cannot connect to MySQL server
I don't know why the account name suddenly has #'%' behind it
I have tried to change the variable $user to :
$user = "user\#10.10.3.39";
failed: Access denied for user 'user#10.10.3.39'#'10.10.3.39' (using password: YES) at test_db.pm line 6.
$user = "user\#'10.10.3.39'";
failed: Access denied for user 'user#'10.10.3.39''#'10.10.3.39' (using password: YES) at test_db.pm line 6.
$user = "'user'\#'10.10.3.39'";
failed: Access denied for user 'user'#'10.10.3.39'#'10.10.3.39' (using password: YES) at test_db.pm line 6.
But still, didn't work. The server still can't connected to DB server.
I Don't know why there's an extra #'10.10.3.39' behind the user account.
And don't know why % before, suddenly changed to 10.10.3.39
Any solution for my case?
I'm not entirely sure what's going on here, but I think I can shed a little bit of light.
MySQL (and, hence, MariaDB) has a login system that isn't just dependent on usernames and passwords. It also takes into account the host that the connection is coming from. If you look at the mysql.user table, you'll see that the first three columns are Host, User and Password.
The Host column is interesting. It can either contain an IP address or a hostname, but it can also contain the symbol '%', which means "any host".
So when the DBA told you they had:
create an account and grant the access for the apps with username : 'user'#'10.10.3.39'
I'm betting they mean they've inserted the values user and 10.10.3.39 in the mysql.user table.
That means your $user variable needs to be set to user, not user#10.10.3.39 - as MySQL will work out the IP address from your incoming connection.
So when you see errors like this:
failed: Access denied for user 'user#10.10.3.39'#'10.10.3.39'
the bit inside the first pair of quotes ("user#10.10.3.39") is the username you're trying to use and the bit inside the second pair of quotes ("10.10.3.39") is the IP address that MySQL thinks you're connecting from. Obviously, that's not going to work because that username doesn't exist in the mysql.users table.
So, we're left looking at your first example:
$dbh = DBI->connect("DBI:mysql:database=mysql;host=10.10.1.18;mysql_enable_utf8=1",$user, $pw, %attr)
or die "Cannot connect to MySQL server\n";
Which gives this error:
failed: Access denied for user 'user'#'%'
Now, the fact that this error uses "%" as your hostname, seems to imply that the MariaDB server didn't recognise the IP address that you're coming from as one of the specific IP addresses listed as allowed for your user.
So, two things I would double-check in this instance:
Are you definitely trying to connect from 10.10.3.39? This includes checking if there are any proxies between you and the DB server that might change your IP address.
Is the IP address in the mysql.user table really 10.10.3.39? Or does the value, perhaps, contain a typo?
I'm aware that this isn't a "here's the solution to your problem" post but, hopefully, it explains a bit more about what is going on and gives you a couple of avenues to investigate.
I am running MySQL Server version: 5.7.25-0ubuntu0.16.04.2 - (Ubuntu).
When I run this php script below with the CORRECT MySQL root user password entered I get the error:
Access denied for user 'root'#'localhost' (using password: NO)
However if I change the root user to an INCORRECT value I get the MySQL error:
Access denied for user 'root'#'localhost' (using password: YES)
I know the MySQL root user password I'm entering is correct because I can log into both the mysql command line and phpmyadmin with it.
So the CORRECT password when received by MySQL is returning access denied using password NO but I don't understand why it would do that. Any help is much appreciated.
<?php
$dbusername = "root";
$dbpassword = "password";
$dbname = "DB";
$dbtable = "table_name";
$con=mysqli_connect("localhost",$dbusername,$dbpassword,$dbname);
// Check connection
if (mysqli_connect_errno())
{
echo " " . mysqli_connect_error();
}
?>
Just in case anyone has the same problem, it turned out that the issue was the MySQL password I was using started with the character $. The mysql command line program and phpmyadmin had no problem with accepting this character in the password but when it was included as part of a mysqli connection string (or PDO connection string for that matter) it would throw the 1045 Access Denied Using Password: NO error.
I changed the password's first character to # and no more error.
Assuming you mysql / root user password is Pass123. Connect to Mysql Shell and run below sql statements.
GRANT USAGE ON *.* to `root`#`%` IDENTIFIED BY 'Pass123';
GRANT ALL PRIVILEGES ON *.* TO `root`#`%` WITH GRANT OPTION;
flush privileges;
Now update info in php and run PHP again.
<?php
$dbusername = "root";
$dbpassword = "Pass123";
$dbname = "DB";
$dbtable = "table_name";
It is recommended to create a non root user to use in the application. In my answer, I have used root as you have used this user in your question.
See create-new-user-grant-permissions-mysql
Don't forget to change database and table names.
I am using WAMPSERVER for creating a database using MYSQL. I wrote a basic query for creating a database that is:
CREATE DATABASE mydb
Upon clicking the go button, I am getting the error:
#1044 - Access denied for user ''#'localhost' to database 'mydb'
Please tell that what can I do in this case. Thanks a lot for giving me your important time.
I have solved this issue..
Open the config.inc.php file in phpMyAdmin folder and change the username and password which you like to set. Just check following code.
/* Authentication type and info */
$cfg['Servers'][$i]['auth_type'] = 'config';
$cfg['Servers'][$i]['user'] = 'Enter-Username';
$cfg['Servers'][$i]['password'] = 'Enter-Password';
$cfg['Servers'][$i]['AllowNoPasswordRoot'] = true;
You need to authenticate with the mysql server, and then check you have the correct permissions to create databases with the authenticated user.
The error code
#1044 - Access denied for user ''#'localhost' to database 'mydb'
Suggests that you have not logged in using a userid.
All installations of MySQL comes with a default userid setup of 'root' ( no quotes )
So try logging in again and use:
username = root
password = (leave this blanks)
You should then see a screen with a add password link on it. Click that and give the root userid a password, for security.
Dont forget that password.
Now you will be properly logged in to mysql and will have the required privilages to do, well anything, as the root userid is the super user.
I'm working on a MAC in a MAMP environment.
so when i try to connect to the database i get this error
$this->db = mysqli_connect('localhost', 'root', '');
I can log in with PhpMyAdmin as the root user.
mysqli_connect(): (28000/1045): Access denied for user
'root'#'localhost' (using password: YES)
my root user is set like this
user: root
machine: localhost
password: no
global rights: ALL PRIVILEGES
grant: yes
Does anyone know how to resolve this problem?
The PHP Manual here says about the password field:
If not provided or NULL, the MySQL server will attempt to authenticate
the user against those user records which have no password only. This
allows one username to be used with different permissions (depending
on if a password as provided or not).
So, either do mysqli_connect($host, $user); or mysqli_connect($host, $user, null);
you have to call mysqli_connect without a password parameter, else php tries to authenticate the user using the empty string as password. try
mysqli_connect($host, $user);
only, withouth the ''.