This is my setup (the IP numbers are fictional of course):
Server A (10.0.0.1)
hosts a database called database1 with the user db_user and the password db_pass. This user has access to the database and remote connections from any host are permitted (I know it's a leak and I will fix it once it works)
Update 1: This server shows no signs of receiving the connection (like connection refused or something like that) Port 3306 is open
Server B (20.0.20.0)
hosts a PHP script which connects to the database with the following command:
$connection = mysqli_connect("10.0.0.1","db_user","db_pass","database1",3306);
My log on Server B says:
Access denied for user 'db_user'#'20.0.20.0' (using password: YES) in <path-to-php-file> in line 42
The line number matches the statement, so it is indeed the statement above which fails.
Why? I explicitly specified the IP of Server A (also tried server-a.com instead of 10.0.0.1)
Update 2:
I ran the following query via commandline as MySQL-Root and this is the output:
mysql> SHOW GRANTS FOR 'db_user';
GRANT USAGE ON *.* TO 'db_user'#'%' IDENTIFIED BY PASSWORD '<password hash>'
GRANT ALL PRIVILEGES ON `database1`.* TO 'db_user1'#'%'
Seems valid to me. What strikes me as odd is that in the log of B it shows it own address (B's address) instead of A's where the Database is located. My idea is it tries to connect to a database on server B where no MySQL user db_user exists.
Update 3:
I connected via SSH to server B and ran mysql --host=10.0.0.1 -udb_user -p and typed in the password => it worked. SHOW GRANTS FOR current_user; returned the same like on server A.
If you can't connect using mysqli, try using PDO instead. I'm not sure why, but apparently in this case PDO works.
Personally, I like PDO better than mysqli, because of named parameters instead of ?, and the ability to provide an array of values when calling PDOStatement::execute(). You may find you like it as well.
Related
This question already has answers here:
Warning: mysqli_connect(): (HY000/1045): Access denied for user 'username'#'localhost' (using password: YES)
(25 answers)
Closed 6 years ago.
Been going through tons of answers but none have exactly matched my issue.
I have a MySQL database running and am attempting to connect in PHP with mysqli. The connection code is as follows:
<?php
if(!isset($_COOKIE["uid"])) {
$servername = "localhost";
$username = "study";
$password = "somepassword";
$dbname = "user_study";
$conn = new mysqli($servername, $username, $password, $dbname);
if($conn->connect_error){
die("aww");
}
}
However every time I get the error
mysqli::mysqli(): (28000/1045): Access denied for user
'study'#'localhost' (using password: YES)
I know that the user 'study'#'localhost' has permissions to access this database, because I am able to access it through the MySQL command line just fine. I have tried other accounts such as roots with the same result.
Is there anything else I should be checking?
New information (2/23)
It seems that even when I shut the database down I'm getting an access denied result, meaning it seems to be trying to connect to some other database on the server. How would I ensure it is connecting to the correct one?
I think the error message indicates that PHP was able to contact the MySQL Server using the socket file. (It would have been a different error otherwise.)
There's a couple of reasons you could get this error. If we can successfully connect to MySQL Server with a the mysql command line client like this:
> mysql --no-defaults -h localhost -u study -psomepassword user_study
That's going to rule out a lot of the possible reasons for the failure.
The most reasonable explanation for the error message from PHP is that the password being provided in the connection attempt from PHP does not match the password MySQL is expecting.
Some ideas we should be able to rule out. Privileges on the user_study database have been granted to 'study'#'localhost', e.g.
GRANT SELECT ON user_study.* TO 'user'#'localhost'
On a totally different tack, given the assignment statement:
$password = "somepassword";
And assuming that you wouldn't be supplying the actual password in the question... we're left wondering if the actual password contains characters that are subject to PHP string interpretation, such as backslash character, or a dollar sign.
For debugging, I suggest doing an echo $password; following the assignment, and verify that the string emitted is what is expected.
Another possibility is that there isn't an exact match in the mysql.user table, and the user 'study' is actually matching to a different mysql.user... an entry with an empty user ''#'localhost'.
I'd be taking a look at all of the entries in the mysql.user table where user='study' and user=''.
I also want to rule out the possibility that the mysql command line client using a .mylogin.cnf file.
I'm also tempted to suggest that changes were applied to the mysql.user table and a FLUSH PRIVILEGES statement wasn't executed... but that doesn't jive with the behavior (successful connection) observed in the mysql command line client.
We're assuming obviously that the MySQL Server is running local, on the same machine that PHP is executing on. And we're expecting to connect via the local socket file.
As a test, I'd suggest connecting via TCP. Specifying host as 127.0.0.1. That would require a different entry in the mysql.user table. We'd test connection from the mysql command line client:
> mysql --no-defaults -h 127.0.0.1 -u study -psomepassword user_study
But this gets into a whole host of other configuration issues with the MySQL Server, networking enabled, bind address, DNS name resolution, listening port, iptables, firewall, et al.
--
If the problem was an unsupported authentication protocol, I'd expect a different error. If the problem was the inability to connect to the socket file, I'd also expect a different error.
All of the usual causes for this error seem to be ruled out by a successful connection from the command line client, running on the local machine, connecting to using the same credentials.
I see the command to set up a user account on mySQL is:
CREATE USER 'userName'#'localhost' IDENTIFIED BY 'some_pass';
For the localhost, do I keep that local host if I want the user to be able to insert from another ip adress that the mySQL DB is not on?
Also if I was creating a connecting class to match the above, would it look like this:
<?php
class myConnect extends mysqli{
public function __construct($hostname='localhost',
$user='userName',
$password='some_pass',
$dbname='dbName'){
parent::__construct($hostname, $user, $password, $dbname);
}
}
?>
Again I am concerned about the localhost part in the php class above. Basically the php is not goign to be on the same server as the database.
Update:
Tried the answer below but am getting this php error still:
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2003): Can't connect to MySQL server on 'mySQLIP' (111) in /home4/m133414/public_html/myDigitalOcean.php on line 12
If php is installed on a different server than MySQL, you need to change localhost to whatever the IP address is that the MySQL sees the php server as. That's in the user creation. If you want it avaiable from anywhere, change localhost to '%'
In php, in place of localhost, put the IP address of the MySQL server.
If your PHP server has a separate IP address or host name than the MySQL server, use the PHP server's IP/hostname in the grant statement
CREATE USER 'userName'#'php.server.ip.goes.here' IDENTIFIED BY 'some_pass';
If you want users to be able to connect to your server from anywhere, you can use a wildcard:
CREATE USER 'userName'#'%' IDENTIFIED BY 'some_pass';
though this is generally insecure.
You should use 'localhost' if you want users to be able to connect to your server only from the same IP/host as your MySQL server. This would be appropriate in situations where your webserver is on the same host as the MySQL server.
Mysql is very picky about user account string formatting, and in particular treats the hostname 'localhost' as special (and exactly how depends on the version).
If the hostname is 'localhost' then many mysql versions will use a local Unix Socket (and not TCP/IP) to connect. If you use a DNS name such as mysql.server.example.org, be aware that you need to include exactly the string mysql sees on connect: it's not 'intelligent' in saying 'mysql' is the same thing, for example.
Be aware also that creating a user does not give it permission to do anything. You will normally need to use GRANT to do that as well. You can grant permission to the whole server (not recommended!) or to all tables in a database, or even to individual tables. I would strongly recommend testing using 'phpmyadmin' to investigate this if needed.
Finally, I'm just slightly worried that you are conflating user-of-mysql and user-of-application. Normally, the mysql user table is not used for application level users (e.g. website profiles). I say this because DB user creation is often a one-off thing and so doesn't need application code to do it...
I am trying to connect to a MYSQL database on server A from server B. The hosting company that we are working with, owns both server A and server B. This is my first attempt at an external DB connection.
I have written the following PHP code to try to connect to the MYSQL database on server A from server B. The code looks like most other code I have Googled in regards to connecting to external MYSQL databases..
$IPAddress_O_fServer_A = 'XXX.XX.XX.XXX';
$Server_A_DB_Pass = 'P-WORD';
$Server_A_DB_User = 'U-NAME';
$con = mysql_connect($IPAddress_Of_Server_A, $Server_A_DB_User, $Server_A_DB_Pass);
Now when this code executes on Server B, I get this error:
Warning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'XXX.XX.XX.XXX' (4) in /var/www/web12/web/dev/front-end.php on line 10
Could not connect: Can't connect to MySQL server on XXX.XX.XX.XXX' (4)
...where line 10 is the mysql_connect() call.
Does anyone see anything wrong with this code?
If the connection is not working would it be safe to say that there must be an issue with either the servers external connection permissions or some other settings?
Thanks!
First off I'd look at this and make sure that you're system is configured to allow remote access.
Secondly the user name "U-NAME" will actually be "U-NAME#localhost" and will have permissions set up as such. For example consider the following GRANT statement.
GRANT SELECT *
ON foo.bar
TO 'U-NAME'#'localhost'
The user name "U-NAME" has permission to select entries from the database foo, table bar, but it is exclusively localhost access. In order to allow remote you'd have to grant permissions similarly to the following.
GRANT SELECT *
ON foo.bar
TO 'U-NAME'#'xx.xx.xx.xx'
What possible reasons could exist for MySQL giving the error “Access denied for user 'xxx'#'yyy'” when trying to access a database using PHP-mysqli and working fine when using the command-line mysql tool with exactly the same username, password, socket, database and host?
Update:
There were indeed three users in the mysql.user table, each one with a different host (but with the same hashed password), one was set to localhost, one to 127.0.0.1 and one to the machine’s host name. Deleting two of them and changing the host of the third to “%” had only one effect: now the access is denied using the command-line tool also.
I did do a
select user();
before that in the command line and it yielded the same xxx#yyy that were denied in php.
Sometimes in php/mysql there is a difference between localhost and 127.0.0.1
In mysql you grant access based on the host name, for localusers this would be localhost.
I have seen php trying to connect with 'myservername' instead of localhost allthough in the config 'localhost' was defined.
Try to grant access in mysql for 127.0.0.1 and connect in php over 127.0.0.1 port 3306.
In case anyone’s still interested: I never did solve this particular problem. It really seems like the problem was with the hardware I was running MySQL on. I’ve never seen anything remotely like it since.
After I read your update I would suspect an error in/with the password.
Are you using "strange" characters in your PW (something likely to cause utf-8/iso encoding problems)?
Using % in the Host field would allow the user to connect from any host. So the only thing that could be wrong would be the password.
Can you create another user. whith the "grant all on all for '...'#'%' identiefied by 'somesimplepw'" syntax, and try to connect with that user?
Don't forget to 'flush privelidges'
For info on how to create a new user klick here
Today the FTP service of my web hosting provider is having some trouble, so I decide to realize a local virtual webserver for working on my website. I have installed EasyPHP 14.1 with phpMyAdmin and I have created my user and my database with tables.
First attempt: failed. I realized that the table I was looking for didn't exist. -> I solved creating the missing table.
Second attempt: failed. I realized that username that I set for my new user was diffrent from the username I used for my connection. -> I edited username.
Third attempt: failed. I realized that new database name was diffrent from database name I use for connection in my site. -> I edited db name.
Forth attempt: failed. I realized that between privileges of my new user there wasn't "Grant". I don't even know what "Grant" means, but let's try to enable it -> Added "Grant" privilege.
Fifth attempt: I win!
I hope my little adventure could help someone. =)
Help!
I have a PHP (PHP 5.2.5) script on HOST1 trying to connect to an MySql database HOST2. Both hosts are in Shared Host environments controlled through CPanel.
HOST2 is set to allow remote database connections from HOST1.
The PHP connect I'm using is:-
$h2 = IPADDRESS;
$dbu = DBUSER;
$dbp = DBPASS;
$DBlink = mysql_connect($h2, $dbu, $dbp);
This always fails with:-
Access denied for user '<dbusername>'#'***SOMESTRING***' (using password: YES)
nb: SOMESTRING looks like it could be something to do with the shared host environment.
Any ideas???
BTW: I can make remote connections to HOST2 from my laptop using OpenOffice via ODBC, and SQLyog. The SQLyog and ODBC settings are exactly the same as the PHP script is trying to use.
somestring is probably the reverse-lookup for your web-server.
Can you modify privileges from your cPanel? Have you done anything to allow access from your workstation (ODBC)?
The error-message seems to indicate that you have network-access to the mysql-server, but not privileges for your username from that specific host.
If you're allowed to grant privileges for your database, invoking:
GRANT SELECT ON database.* TO username#ip.address.of.host1 IDENTIFIED BY 'password'
might work for you. I just wrote this out of my head, you might want to doublecheck the syntax in mysql-docs.
Have you read the MySQL documentation on Causes of Access denied Errors?
Have you contacted support for your hosting provider? They should have access to troubleshoot the database connection. People on the internet do not have access.
Do you need to specify the database name? Your account might have access to connect only to a specific database. The mysql_connect() function does not allow you do specify the database, but new mysqli() does. I'm not sure if this is relevant -- it might allow you to connect but give you errors when you try to query tables that aren't in your database.
Are you sure you're using the right password? MySQL allows each account to have a different password per client host. Admittedly, this is not a common configuration, but it's possible. Your hosting provider should be able to tell you.
Just some ideas:
HOST1 does not have remote access to HOST2 (shared host is disallowing)
MySQL account does not have access from HOST1 (IP address specified on account creation, or wildcard)
Edit:
In response to your comment, I meant that HOST1 cannot get to the MySQL port on HOST2. Web services will work, of course, because port 80 is open to the public. As another user pointed out though, you are getting a response, so you are reaching it. I would try specifying the DB, and double checking the account creation command you ran.
For the second piece, I meant this: http://dev.mysql.com/doc/refman/5.0/en/adding-users.html
You can specify what host the username can connect from. If it isn't set to HOST2's IP or the wildcard, HOST2 can't log in with those credentials.
The error message means that you can contact the mySql server, but the user you are trying to log in as, does not have access.
Either the user does not have access at all, or it has access locally, but not from the host you are connecting from.
You should try to use the hostname and port like $h2 = IPADDRESS:3307;