Jump to content

Wampserver phpMyAdmin


catfish

Recommended Posts

:angry: So, I installed the Wampserver on my computer and have set up numerous databases over the past few days while working on a couple of tutorials. First one connected fine to the database and now I can't seem to get a connection and I'm confused with what I'm doing now. I'm trying to set up a login / registration. my original db was set up and called "recipes" host=localhost, username=test, password=password. So I have deleted all but 1 db now thinking maybe I'm only allowed 1 per wampserver?? Is that true?

Now I have a db named catfishdb and a table set up called members with 3 fields, id, username, password

My html form

<form action="checklogin.php" method="post" name="form1">
<label for="username">User Name: </label><input type="text"  name="myusername" id="username">
<label for="password">Password: </label><input type="password"  name="mypassword" id="password">

<input type="submit" value="Login">

</form>

My checklogin.php page

<?php
$host = "localhost"; 
$username = "test";
$password = "password";
$db_name = "catfishdb";
$tbl_name ="members";

$connect = mysql_connect("localhost", "test", "password") or die('Could not connect to server');
mysql_select_db("catfishdb") or die('Could not connect to database');

$myusername = $_POST['myusername']; 
$mypassword = $_POST['mypassword'];

$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query ($sql);

$count = mysql_num_rows ($result);
if ($count==1) {
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}

else {
echo "Wrong Username or Password";
}
?>

 

Then I have a couple other pages such as login_success.php. I find it very difficult to even ask the proper questions here but hopefully a php whiz can spot something here. I've registered 1 username and password in the phpmyadmin panel for testing and I still get an error "Could not connect to database"

Edited by catfish
Link to comment
Share on other sites

:angry: So, I installed the Wampserver on my computer and have set up numerous databases over the past few days while working on a couple of tutorials. First one connected fine to the database and now I can't seem to get a connection and I'm confused with what I'm doing now. I'm trying to set up a login / registration. my original db was set up and called "recipes" host=localhost, username=test, password=password. So I have deleted all but 1 db now thinking maybe I'm only allowed 1 per wampserver?? Is that true?

Now I have a db named catfishdb and a table set up called members with 3 fields, id, username, password

My html form

 

You may have as many databases as you want. I would start of with making sure that the user you have set up has in fact the correct priveleges to access the database and/or use the commands as SELECT, UPDATE, INSERT and any other needed.

 

 

Also just create a test.php and see if you can establish the connection.

 

<?php
$host = "localhost"; 
$username = "test";
$password = "password";
$db_name = "catfishdb";

$conn = new mysqli($host, $username, $password, $db_name)
if (! $conn) 
echo 'Could not establish connection';
else
echo 'Connection established';

mysqli_close($conn);

?>

Link to comment
Share on other sites

Thanks for your reply, now I really messed things up. I started with your test code and kept getting parse errors. I finally got just a simple hello php to show up in the browser and then I went to check the privileges set and screwed something up big time. Below is what the phpMyAdmin screen says now. I even uninstalled the whole Wampserver and reinstalled it and still get the same screen. I've looked and looked and I can't find where to check the host, username and password in a configuration file anywhere.

Error

MySQL said:

 

#1045 - Access denied for user 'root'@'localhost' (using password: NO)

 

phpMyAdmin tried to connect to the MySQL server, and the server rejected the connection. You should check the host, username and password in your configuration and make sure that they correspond to the information given by the administrator of the MySQL server.

Link to comment
Share on other sites

My catfishdb has disappeared.

If you uninstalled/reinstalled WAMP, that happens. PHPMyAdmin does allow you to export databases, so if you ever need to do that again keep that in mind.

 

BTW, make sure when you are writing this login script that you are escaping your user input correctly to prevent MySQL injection. I talk about this in a series I did on creating a PHP login that's available in the KillerSites University (under PHP > Misc PHP Videos). I'd suggest looking at the mysql_real_escape_string() and htmlspecialchars() functions.

 

With the code you have at the moment, I could input "' OR 1==1 --" in one of the fields and instantly get access, without knowing the username or password.

 

http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

Link to comment
Share on other sites

If you uninstalled/reinstalled WAMP, that happens. PHPMyAdmin does allow you to export databases, so if you ever need to do that again keep that in mind.

 

BTW, make sure when you are writing this login script that you are escaping your user input correctly to prevent MySQL injection. I talk about this in a series I did on creating a PHP login that's available in the KillerSites University (under PHP > Misc PHP Videos). I'd suggest looking at the mysql_real_escape_string() and htmlspecialchars() functions.

 

With the code you have at the moment, I could input "' OR 1==1 --" in one of the fields and instantly get access, without knowing the username or password.

 

http://www.tizag.com...l-injection.php

 

Make sure you cover binary and hexdecimal, computer code injections also as the computer do not require text to be inputed and many times escaping non text, digit characters isn't enough. But it's a good start.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...