18 replies to this topic

[hetra]

Hello all,

I'm having MySQL errors on my website.

For the login system and the message posting system.

The error is:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'brezerd1_BIDA1'@'localhost' (using password: YES) in /home/brezerd1/public_html/login/checklogin.php on line 13

cannot connect

My database server is localhost and the username and password is correct. The login system goes like this:

index.php in login.brezerd.net acts as the input form.

Then, checklogin.php validates the inputs.

If it succeeds, login_success is displayed.

To keep them logged in, I've implemented code on every page (in my template.php) to access the data and if it can't then show "Login?" and if it can then display user info (like Welcome, [username]).

The code is as follows:

The code for the login system (form) is:

<?php

include("/home/brezerd1/public_html/template.php");

ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100)); 

?>

<!--7:55:00PM 17/12/2010 AEST---!>

<body>

<script type="text/javascript" defer="defer">

window.alert("BIDAS (Brezerd.net IDentification Account System) is currently indev (like a lot of Brezerd.net). However, unlike a lot of the site, it's unstable.");

</script>

<!-->

<h2>

BREZERD.NET LOGIN (INDEV)

</h2>

<table width="300" border="0" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

<tr>

<form name="form1" method="post" action="checklogin.php">

<td>

<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">

<tr>

<td colspan="3"><strong>Member Login </strong></td>

</tr>

<tr>

<td width="78">Username</td>

<td width="6">:</td>

<td width="294"><input name="myusername" type="text" id="myusername"></td>

</tr>

<tr>

<td>Password</td>

<td>:</td>

<td><input name="mypassword" type="password" id="mypassword"></td>

</tr>

<tr>

<td> </td>

<td> </td>

<td><input type="submit" name="Submit" value="Login"></td>

</tr>

</table>

</td>

</form>

</tr>

</table>

</head>

<?php

include("/home/brezerd1/public_html/footer.php");

?>

<html>

The code for the checklogin file:

<?php


ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

ob_start();

$host="localhost"; // Host name 

$username="brezerd1_BIDA1"; // Mysql username 

$password="3.14159265358979323846"; // Mysql password 

$db_name="brezerd1_users"; // Database name 

$tbl_name="members"; // Table name


// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");


// Define $myusername and $mypassword 

$myusername=$_POST['myusername']; 

$mypassword=$_POST['mypassword'];


// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);



// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_register("myusername");

session_register("mypassword"); 

header("location:login_success.php");

}

else {


header("location:index.php");

echo "Error";


}

ob_end_flush();



?>

The code for login_success:

<? 

ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));


session_start();

$username = $_SESSION['myusername'];

echo "<b>"."Welcome ". $username."</b>";

if(!session_is_registered(myusername)){

header("location:index.php");

}

?>


<html>

<body>

<br>

Login Successful!

<a HREF="/Logout.php">Logout</a>

</body>

</html>

And the code implemented on every page:

<?php

ini_set('session.cookie_domain',substr($_SERVER['http://brezerd.net'],strpos($_SERVER['http://brezerd.net'],"."),100));

session_start();

print $_SESSION['BIDAN'];

if($_SESSION['BIDAN']!= null)

{

//echo ("Logged In as ".$_SESSION['username']);

}

if ($_SESSION['BIDAN']= null)

{

echo ("Login?");

}

//-END OF BIDAS CODE-

?>

My apologies if this is overly long and boring but I would like an answer.

Thank you very much.

Edited by Hunter100, 16 April 2011 - 05:20 PM.
Poor grammar.

[Alexander]

It would appear the user brezerd1_BIDA1 has either insufficient access rights in the database or the password and/or username is incorrect.

Have you set up proper credentials with your web server to allow this user to connect? Is there a method where you can reset the user and password and be sure that they are valid? Are you connecting to the right machine?

Edited by Alexander, 16 April 2011 - 06:04 PM.
.

[hetra]

So you're saying that there I should set all permissions for the database?

Also, how would I go about setting up webserver access?

[Alexander]

I am unaware of the context of your installation or platform.

Is this script to connect to the database ran on your own computer, with web access, or are you hosting this on a third party server or VPS?

[hetra]

I'm with JustHost on shared hosting, the database server is on the localhost (at least that's what it says in PhpMyAdmin).

[Alexander]

Then the user or password you have set up is wrong. You should use the exact same username and password that you do to log in to PHPMyAdmin, or that you set up through their hosting control panel.

[hetra]

Oh okay then I'll try that.

[hetra]

Thank you, it did work, login is successful, however, since it's occurring in login.brezerd.net, would I have to change any code so that I could access the session data from across the site?

[liamzebedee]

Yes you would in fact. Since PHP initialises session variables on the domain its executing by default (unless specified in your PHP.ini file) you will need to change the code. You could either pass the variables to the other domain but this would get messy so I suggest you use this code-

ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

session_start();

If you are using a template file I suggest you put this at the top (before any code, so you won't get the output already sent error) so It will always instantiate session variables on the second level domain ( brezerd.net ) not the subdomain ( login.brezerd.net )

[hetra]

I already have that code in the template file (that's one of the reasons I gave code).

[liamzebedee]

session_register()

is a deprecated function in checklogin.php, the file you use to init the session variables.

Warning
This function has been DEPRECATED as of PHP 5.3.0. Relying on this feature is highly discouraged.

In PHP 5.3.0 and higher we initialise variables with-

$_SESSION["variable name"] = "value";

. Be careful to use the function

session_start();

before anything because its the function that initialises the session.

[hetra]

UPDATE:

Current code after modifications:

checklogin.php:

<?php

ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

ob_start();

$host="localhost"; // Host name 

$username="brezerd1"; // Mysql username 

$password=""; // Mysql password 

$db_name="brezerd1_users"; // Database name 

$tbl_name="members"; // Table name


// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");


// Define $myusername and $mypassword 

$myusername=$_POST['myusername']; 

$mypassword=$_POST['mypassword'];


// To protect MySQL injection (more detail about MySQL injection)

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);


$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

$result=mysql_query($sql);



// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row


if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_start();

$_SESSION[myusername];

$_SESSION[mypassword];

header("location:login_success.php");

}

else {


header("location:index.php");

echo "Error";


}

ob_end_flush();

?>

login_success.php:

<? 

ini_set('session.cookie_domain',

substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

session_start();

$timestamp = time();

$username = $_SESSION['myusername'];

$password = $_SESSION['mypassword'];

$BIDAN =$_SESSION['bidan'];

$logFile = "util/log.txt";

$logString = $timestamp."  ".$BIDAN." ".$username." ".$password." Logged In\n"; 

$openedLogFile = fopen($logFile, "a+");

echo "<b>"."Welcome ". $username."</b>";

if ($username !=null && $password !=null && $timestampe !=null && $logString !=null )

{

	fopen($logFile, "a+");

	file_put_contents($logFile, $logString, FILE_APPEND | FILE_EX);

	fclose($openedLogFile);	

}

else

{

	Header("location:index.php");

}

if(!session_is_registered(myusername))

{

	header("location:index.php");

}

?>

<html>

<body>

<br>

Login Successful!

<a HREF="/Logout.php">Logout</a>

</body>

</html>

Edited by Hunter100, 16 April 2011 - 10:06 PM.