I am trying to connect using PHP to an SQL Server on another machine. I have found two ways of doing this. Either with odbc_connect or sqlsrvr connect.
$connection = odbc_connect("Driver={SQL Server Native Client 10.0};Server=$serverName;Database=$db;", 'user', 'pass');
or
$conn = sqlsrv_connect($serverName, array('UID' => '', 'PWD' => ''));
The connection works if I try to connect to an SQL account. Unfortunately I cannot manage to connect using the Windows Authentication.
So far I have tried the following : used a working pass, added Trusted_Connection=yes; or Integrated Security=SSPI; . I have also tried combining this with fastcgi.impersonate = 1 or 0.
When I use directly my user and pass I get a login denied error and when I try the windows authentication with sspi I receive the following error:Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
I've googled the problem a lot but I could not find a solution. Some people however were talking about php not using the Network Service account and that that might be the problem.
Does anyone know how I could fix this or maybe give me a lead?
Thank you in advance.
I was able to establish a trusted connection to a remote SQL server from PHP running on a seperate IIS server using:
$connectionInfo = array('Database' => $dbname);
$con = sqlsrv_connect($servername,$connectionInfo);
In php.ini:
fastcgi.impersonate = 0
mssql.secure_connection = On
In IIS for my PHP site:
Anonymous Authentication = Disabled
Windows Authentication = Enabled
Application Pool settings for site: Integrated, Network Service
Database Security on SQL Server for $dbname database:
create login: domainname\iisservername$
map domainname\iisservername$ to db_datareader privilege for $dbname database
Note: The $ in the iisservername is important. With the above settings IIS will establish a trusted connection with the SQL server without the need to store userid and password information in your PHP file. Locally the permissions used by the application pool are "Network Service". Remotely, these permissions pass through the network as user domainname\iisservername$.
Open the IIS Console
Configure your App Pool identity with the desired user which must have enough permissions in your SQL Server+Database
Select your "Specific Website"
Open "Authentication" settings
Right-click on "Anonymous Authentication" and click on "Edit"
By last select the option: Application pool identity (radio button) and press the "OK" button to apply the changes.
basically the problem is that the identity that is used to connect to the server will always be the identity of the process in which PHP is running
This link may help you.
For PHP on IIS 7.5 to connect without a username and password using SSPI authentication. I had to do the following:
In my IIS application pool advanced settings, I set it to use a custom account Domain\username to the user I needed PHP to connect as.
In my IIS specific website, I changed the Basic settings to Connect As that same Domain\username.
In my PHP code I could then connect using $conn = sqlsrv_connect($dbhost, array("Database" => $dbname, "UID" => "", "PWD" => ""));
Other notes: fastcgi.impersonate = 1
And I only have: Anonymous Authentication Enabled
*
Have you tried $conn = sqlsrv_connect($serverName);
The array is optional. Windows authentication is used as default. See this MSDN article
IIS should have Windows authentication enabled and anonymous access turned off.
Open the IIS Console
Go to your site
Open "Authentication" settings
Right-click on "Anonymous Authentication" and click on "Edit"
By last select the option: Application pool identity (radio button) and press the "OK" button to apply the changes.
Go to "Application Pools" and get the application pool name.
Open SSMS (SQL management studio), enter the relevant database and choose "Security".
Add a new user, fill only the name and save. The name of the user should be:
IIS APPPOOL\{YOUR_APP_POOL_NAME}
Good luck!
Related
I have XAMPP running on an MS Server 2012 R2. I need to make a connection to an MSSQL server which accepts only integrated win authentication.
If I simply try the below, I get a login failure and an error log on the SQL Server that SQL authentication is not an option. It only accepts connection from a certain user. Obviously the PHP script is not being run under that account.
$server = "sqlServerName";
$SQLUser = "username";
$SQLPass = "pw";
$SQLDatabase = "db";
$link = mssql_connect($server,$SQLUser,$SQLPass);
As I'm using PHP 5.3.1 sqlsrv_connect is not an option. I tried to load the php drivers for it but it's just not working. I can't change the authentication for the sql server and I can't use any other version of PHP.
I also can't turn the secure_connection on as I have to be able to connect to other sql servers which requires "normal" sql authentication:
mssql.secure_connection = Off
How to connect to my problematic sql server?
UPDATE: Upgraded xampp to the latest version. PHP is now version 5.6.8 I still can't use sqlsrv_connect() even though I installed the necessary driver and added every single dll to the php.ini. Restarted apache several times. Any clue?
error msg: Fatal error: Call to undefined function sqlsrv_connect()
Ok. It's hard to debug a server issue without being on the server but I've done a lot with php and SQL Server so I will do my best to share my experiences.
First, Very glad you updated from 5.3.1 that version of php is ancient and very insecure. Here are some sanity checks for your system. This may do nothing for you but all of it is worth checking.
First make sure you can connect to sql server using SQL Server Management studio with the credentials you provided. This means the same credentials you use in php not the windows authentication credentials. You should be able to have both connections at the same time so you can make changes and test the connection at the same time.
Enable tcp. sql server configuration manager -> SQL Server network configuration -> protocols for sqlexpress -> tcp/ip (right click)-> properties -> Enabled (yes) -> ip Addresses -> IPAll -> TCP Port 1433 -> ok
Enable sql server auth. Select server (right click) -> properties -> security -> sql server and windows authentication mode -> ok
Open sql server port on firewall. Windows Control panel -> system and security -> windows firewall -> advanced settings -> Inbound rules -> New rule -> Port -> tcp -> 1433 (or whatever) -> Allow connection -> next -> Name -> sql server -> finish -> restart computer.
Of course if you want to connect through a non-default user you need to add the user: sql server -> security -> logins (right click) -> add login -> server roles -> sysadmin -> ok
If you make any of these changes restart sql server: Sql server configuration manager -> sql server services -> sql Server (right click) -> restart.
Once you confirm you can connect with management studio here are the php configuration checks:
You can see if the extension itself is available by creating a php page with only the function phpinfo() in it. Then search for pdo_sqlsrv. If it is present the rest of these checks are probably not necessary but since you've been working this so long probably check them anyway.
sql_srv extension for php should be version 3.2 for php 5.6 you can obtain that library here
Version 3.2 requires an os extension available here Check the other requirements on the previous link. Your os may use a different extension from the one linked here.
Find your php extensions directory. this is usually {php-install-directory}/ext. Make sure you copy the appropriate version of the downloaded sqlsrv libraries into this directory. Mine are called "php_sqlsrv_55_ts.dll" and "php_dpo_sqlsrv_55_ts.dll" Yours will have 56 instead of 55 I think and the "ts" should match your php install. "ts" means thread safe, the other option is "nts" not thread safe. The one you use is dependent on your php install.
My php.ini file contains these lines extension=php_sqlsrv_55_ts.dll and extension=php_pdo_sqlsrv_55_ts.dll in that order. but I don't think order matters. and again yours will be 56 and the "ts" may be "nts".
If you made any changes based on these make sure to restart apache then check if pdo_sqlsrv is in your phpinfo() report. Also after restarting apache check the apache and php error log to see if you get specific errors about php trying to load the extensions. Post those here if you need help with them.
Once you are connected to sql server through the auth creditionals in management studio and see pdo_sqlsrv in your phpinfo() here are the last things to look into in your code.
Your code above is still for mssql extension. You probably just didn't update it with your latest changes. For sql server extension your code should look like this:
$connectionInfo = array(
'UID' => $dbuser,
'PWD' => $dbpass,
'LoginTimeout' => 1,
);
$host = $host . ', ' . $port;
$connection = sqlsrv_connect($host, $connectionInfo);
$error_messages = sqlsrv_errors();
For windows authentication exclude the uid and pwd.
$connectionInfo = array();
$conn = sqlsrv_connect( $host, $connectionInfo);
If you have more issues please tell me which step is not working so we can dig into more detail with that step.
Go back to your PHP 5.3.1 stack where mssqlconnect() was working. SQL Server integrated mode requires an authenticated user which has access to the machine running SQL Server. So if you can connect in SSMS with your user, you need to start your XAMPP,Apache/httpd with the credentials of your user. If apache is running as a service, go the services panel (services.msc on run), then go to Apache->properties->logon->'This Account' and put in your username and password so that apache service runs with your credentials, which is authenticated to connect to SQL Server instance. By default httpd is run with system account which is obviously not authenticated by SQL Server at remote machine, causing you the headache.
I have an application in which I have to access all pc connected to same network and their MySql Databases and I also want want to connect to remotely a server.
Actually I have list of drop down services and each service holding a database name. when I select a service then I want to build connection to database either it lies on same network or any remote server.
Remember, I know the hostname, username, password and dbname. and I am using mysqli_connect function.
I have try multiple options given on web, but all in vain. e.g grant host and user access. But not found any solution can help to solve my problem.
I have try bind-address option in my.conf file but no solution.
Here is my code
For remote Server
$con = new mysqli_connect('xxx xxx xxx:3306', 'username', 'pass', 'dbname');
For local Network
$con = new mysqli_connect('xxxx xxx xxx:3306', 'localhost', '', 'talent');
Error
mysqli::mysqli();(HY000/2002): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. and also get this one earlier Warning: mysqli_connect(): (HY000/1045): Access denied for user 'username'#'localhost' (using password: YES).
I am using windows platform. WIndow 8.1
I guess you want to access mysql database installed on different computers on same network as your computer and also on some remote server.
What you need is IP Addresses of all the computers on which the mysql server is installed including the remote server. And on each such computer mysql server remote access should be enabled for your computer's IP Address and mysql user you are using in 'new mysqli_connect()'. See this tutorial.
Also as fvu said check php documentation for 'mysqli_connect' function.
UPDATED
What is SSH?
1. SSH is SecureSHell.
2. Its nothing but a remote login tool or program(like telnet but in secured way).
3. Remote login is logging in to some other computer(known as remote computer) as a user of that computer from your computer.
4. After you successfully logged in to the remote computer via ssh, you can type commands on that remote computer on behalf of the user you are loggen in with.
5. Consider this as if you are sitting in front of your computer and watching the command prompt(terminal in linux and mac) screen of the remote computer.
6. Whataver you will type here will reflect there.
For your knowledge to make you understand the problem:
1. When you install XAMPP or WAMP on your computer it also installs MySQL Server with it.
2. MySQL Server is a process running in the background to which we can request to do
database operations like SELECT, UPDATE, etc.
3. This thing we generally do using 'mysql_connect' or 'mysqli_connect' in php.
4. MySQL Server can have many users and different users have different previledges/permissions. So that MySQL admin user(i.e. root) can control what things are allowed and not allowed for a user.
5. Now while connecting to the mysql server process we need to specify the user credentials. That you specify in mysqli_connect function.
Now let me explain you why you are getting that error:
1. The user credentials you are using either does not exist or not correct or the user has no access to connect to MySQL Server process remotely. i.e. from other computer that the one has MySQL Server installed on. In your case from your computer to computer A or to computer B or remote server.
2. The other reason may be the firewall settings of remote computers.
Solution:
1. For computer A and computer B you don't need ssh you can directly go to the computer and open command prompt on it and type commands.
2. But for remote computer you need to use ssh.
3. Now another problem is you are using Windows so ssh program will not be available to you.
4. You will need to download putty program. Its ssh implementation for windows. Same as ssh only name is different.
5. Take a putty tutorial to connect to remote server.
6. Then you can use this tutorial for granting remote login access to mysql user you are using in mysqli_connect function.
If the server is a local hosted database and you can connect to it from local host and i you are not able to connect to it from a remote machine consider the following options.
There is a firewall in ubuntu that you need to open, you do this by granting access in IPtables.
/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT And now we should be able to login to our server from our local machine:
mysql -h255.112.324.12 -uroot -pMyPASSWORD
You need
to grant access to mysql: https://askubuntu.com/questions/159053/mysql-server-not-accessible-from-remote-machine
as root, open your /etc/mysql/my.cnf with your favorite editor look for the [mysqld] section, and in there for the bind-address keyword. This usually is set to 127.0.0.1 -- change that to match your "normal" IP-address save the file, and reload the service (e.g. using service mysql restart)
Last but not least you need to give remote access in mysql:
GRANT ALL ON mydb.* TO root#'%' IDENTIFIED BY 'MyPASSWORD';
Find more information here: http://web.archive.org/web/20120930214828/http://chosencollective.com/technology/how-to-enable-remote-access-to-mysql
Right now you seem to be mixing object-oriented and procedural approaches. If you want to use object-orented approach, mysqli object should be instantiated as follows:
$con = new mysqli($host, $username, $password, $dbname, $socket); // all but first parameter are optional
If you want to use procedural approach, mysqli connection resource should be created as follows:
$con = mysqli_connect($host, $username, $password, $dbname, $socket); // all but first parameter are optional
Could I have my php scripts on server A and connect to the MySQL database on server B?
If yes, how it would be done? Thanks in advance
its simple all thise above techniques are quite complicated
suppose you have database on server B and website on server A(say it has IP 192.234.12.1)
on cpanel whitelist the IP of server B
and create a new user having sufficient privileges in database (say this user is test)
then create this user as test#192.234.12.1
Yes.
The same way you access the localhost on the same server, you change the database host to the external one. This is more a configuration issue, you need to grant your database user remote access to your MySQL, you also need to make sure your firewall allows connections on the MySQL port.
Example on Debian: http://www.debianhelp.co.uk/remotemysql.htm
Yes it can be done.
Find out the IP address of the server A where your scripts will be uploaded. Do not forget to change the localhost to the ip address of the Server B in mysql_connect() or mysqli_connect() method.
Now go the control panel of the Server B where your Database is.
In the control panel's Homepage go the databases section and click the Remote MYSQL option.
Then add the Ip address of the Server A and click on add host.
Now you can access to the database in Server B while your scripts are running in Server A.
Mind you the fetched result will be slow cause it is getting data from database that is located on another server.
Your welcome
Just don't the hostname of the other box for the connection. Details depend on the extension you're using:
$mysql = mysql_connect($host, $user, $pass);
$mysqli = new mysqli($host, $user, $password, $schema);
$pdo = new PDO("mysql:host=$host", $user, $pass);
Make sure that the user is allowed to access by the MySQL server (CREATE USER) and check that there's no firewall in the way.
That is all what you need .
(Even you can have your scripts on server A, your web server on server B and your database on server C ...)
Have a look here:
http://us2.php.net/manual/en/function.mysql-connect.php
You can either pass in the server hostname as an argument, or configure in php.ini.
I was having similar challenges but here is what work for me:
To connect to server B from server A, First, you need to allow remote MySQL access hosts in cPanel (Server B), Home -> Databases -> Remote MySQL and also whitelist the IP in the firewall (That is IP Address of B server). Then the following php db connection should work.
$db_connect = mysqli_connect("serverB.com", "dbuser", "dbpassword", "dbname");
// Evaluate the connection
if (mysqli_connect_errno()) {
echo mysqli_connect_error();
exit();
}else{
//successful connection
echo "Yes, successful";
}
Its a perfect solution for connecting another database from other servers.
$dbserverName = "191.238.0.2";
$dbUsername = "lauranco_L2L";
$dbPassword = "SL92TIW5T96L";
$dbName = "lauranco_siteBits";
Good old thread.
Still - of all the answers appearing here, nothing addresses about the security.
It is highly insecure to open up the mysql port to outside the server.
The most secure option is to keep the mysql port open to one and only localhost in all servers.
And have another php running inside the second server, make it create the desired output and deliver the same to your php (running in the first server).
This code below checks for the user's credentials against ldap
<?php
$ldaphost = "ldap.domain.com";
$ldapport = 389;
$ds = ldap_connect($ldaphost, $ldapport)
or die("Could not connect to $ldaphost");
if ($ds)
{
$username = "johndoe#domain.com";
$upasswd = "pass";
$ldapbind = ldap_bind($ds, $username, $upasswd);
if ($ldapbind)
{print "Congratulations! $username is authenticated.";}
else
{print "Access Denied!";}
}
?>
My users use Firefox and IE, and I know that can pass their ActiveDirectory credentials seamlessly.
I just want to check the AD group to see if that username is found in there, if so, display the page, otherwise prompt to enter in credentials.
Since our users are already logged into the domain controller, I want to grab their username, check to see if it was found in the specific group, then let them in, otherwise prompt user to input credentials. How is this possible?
You actually do not need to communicate with the Active Directory server from your PP code to achieve what you want given the fact that you use IIS as your web server.
The key word here is Integrated Windows Authentication - that's the wording djn looked for. If this option is turned on (and anonymous access is denied) IIS will check the supplied credentials against the Active Directory and the NTFS filesystem privileges of the requested resources. You can therefore control access to your files using simple NTFS access control mechanisms.
If your users use IE they even don't have to type in their credentials as this is done automatically via so called SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) and its underlying mechanisms Kerberos or NTLMSSP depending on what your client and server is capable of processing.
As far as I know Firefox is able to hand over the Windows logon credentials to your server automatically too. You ony have to adjust a configuration option to turn on that feature - don't know if this information is still valid with Firefox 3.5.x.
If you're running Apache on a *nix-system you'll have to resort to some server-side-module to handle a Integrated Windows Authentication-like system. Possible options are (don't know whether they are actually still maintained or stable):
mod_auth_ntlm_winbind
mod_auth_kerb
mod_ntlm
For Apache on Windows there are:
mod_ntlm (outdated; not the same as mod_ntlm above)
mod_auth_sspi (successor of mod_ntlm)
Please be aware that most of these modules seem to be very old.
Working just now on a similar setup: I skipped all of that LDAP stuff having the web server authenticating the client with AD before letting him in (sorry, I can't remember what's this called in the M$ alternate universe).
If the client reaches the PHP script he's in AD and I have his username both in $_SERVER["AUTH_USER"] and in $_SERVER["LOGON_USER"], otherwise he never gets to the script.
Ok, If you can answer this question, you deserve the nobel peace prize. Anyways, here's the situation.
I'm using Slicehost dot net, and I have 2 slices (two different IPs). One slice is my mail server and the other is my normal website. I'm running Ubuntu (8.04 or 8.10, something like that, it shouldn't matter). What I'm trying to do is access the MySQL database on the Mail server from the other slice. I'm trying to do that with PHP. I really appreciate any help.
mysql_connect()
$resource = mysql_connect('other-server-address.com', 'username', 'password');
The first parameter is the mysql server address.
Server Param
The MySQL server. It can also include
a port number. e.g. "hostname:port" or
a path to a local socket e.g.
":/path/to/socket" for the localhost.
If the PHP directive
mysql.default_host is undefined
(default), then the default value is
'localhost:3306'. In SQL safe mode,
this parameter is ignored and value
'localhost:3306' is always used.
Unless I'm misunderstanding... this setup is pretty common. Any trouble you're having might be related to the following:
Firewall settings
Grant access to the mysql user to connect from the other host
my.ini settings not allowing outside connections
Some other related SO questions:
Connecting to MySQL from other machines
How do I enable external access to MySQL Server?
php access to remote database
How to make mysql accept connections externally
Remote mysql connection
Assuming your mail server is at IP 192.168.1.20 and web server is 192.168.1.30
First of all you need to allow the web server to access the mysql database on your Mail server .
On 192.168.1.20 you run the mysql command and grant access on the database needed to your web server
mysql> grant all on mydb.* to 'someuser'#'192.168.1.30' identified by 'secretpass;
Your PHP code connects to that database with something like:
$conn = mysql_connect('192.168.1.20', 'someuser', 'secretpass');
mysql_connect() returns a link identifier if the connection is successful. Also you have to do is keep the references to both links.
When you want to use which ever link, simply include the link as an argument.
$link1 = mysql_connect($host1, $username1, $password1);
$link2 = mysql_connect($host2, $username2, $password2);
$r = mysql_query(QUERY, $link1);
Simple as that.