I am currently accessing the database by $_SESSION['connection'] = odbc_connect('Driver={MySQL ODBC 5.1 Driver};Server=localhost;Database=mysql;Option=3;', 'root', '');
Apart fromt the fact that I need to get a password put on that account (and maybe even use another account than root? And probably change the databse name?), I want to write some code which I can disrtribute to be installed at several sites.
I want to use the same code at each site, although I can't know the IP addresses in advance. How do I go about that? Do I just tell their IT guy to set a DNS trandlation for something like myDatabaseServer and then substitue Server=localhost by Server=myDatabaseServer in the odbc_connect() call? Or do I need to do somehing with the ODBC manager in the Windows control panel?
Hmmm, I should probably obfuscate or comple the code before ditributing it...
Update: I found this question which said
In your MySQL configuration file (my.cnf), you need the following at least:
port = 3306 # Port MySQL listens on
bind-address = 192.168.1.15 # IP address of your server
# skip-networking # This should be commented out to enable networking
I presume thatbind-address coudl be myDatabaseServer, so that I don't need to edit the config file for each remote site(?)
It also said GRANT ALL ON test.* TO 'root'#'192.168.1.15' IDENTIFIED BY ''; So that is a command that has to be run once on the databse? But I can't know the IP adress in advance? In fact, multiple users may need access - can I wildcard it to 192.168..? Is thus really, really needed? Is there any way that I can dconfigure it once, not knowing in advance which range of netwrok addresses each user will use (I know that it sounds insecure, but could I just grant access to everyone and rely on password protection, plus no outsiders knowing that the databse is there?)
The bind-address can only be set to an IP address, not a domain name, and refers to the outgoing IP address that the mysql server will bind to.
However, when connecting externally, you can always just set the bind-address to 0.0.0.0 that way the mysql server will accept incoming 3306 connections on any interface it has access to. The admin side would look after naming the server, and you can connect to it by that name.
Once that is set correctly you just need the appropriate user credentials set up, so that an external user can connect from a given IP (or pattern).
e.g.
GRANT ALL PRIVILEGES ON *.* TO USERNAME#IP IDENTIFIED BY "PASSWORD";
See here for external IP patterns.
Of course, you should use a limited access account in general, and allow access to only specific database/tables (db.* is usually acceptable)
Just to add to Slomojo's accurate answer: Don't forget to flush privileges; in mysql after making any changes to privileges.
Related
I see the command to set up a user account on mySQL is:
CREATE USER 'userName'#'localhost' IDENTIFIED BY 'some_pass';
For the localhost, do I keep that local host if I want the user to be able to insert from another ip adress that the mySQL DB is not on?
Also if I was creating a connecting class to match the above, would it look like this:
<?php
class myConnect extends mysqli{
public function __construct($hostname='localhost',
$user='userName',
$password='some_pass',
$dbname='dbName'){
parent::__construct($hostname, $user, $password, $dbname);
}
}
?>
Again I am concerned about the localhost part in the php class above. Basically the php is not goign to be on the same server as the database.
Update:
Tried the answer below but am getting this php error still:
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2003): Can't connect to MySQL server on 'mySQLIP' (111) in /home4/m133414/public_html/myDigitalOcean.php on line 12
If php is installed on a different server than MySQL, you need to change localhost to whatever the IP address is that the MySQL sees the php server as. That's in the user creation. If you want it avaiable from anywhere, change localhost to '%'
In php, in place of localhost, put the IP address of the MySQL server.
If your PHP server has a separate IP address or host name than the MySQL server, use the PHP server's IP/hostname in the grant statement
CREATE USER 'userName'#'php.server.ip.goes.here' IDENTIFIED BY 'some_pass';
If you want users to be able to connect to your server from anywhere, you can use a wildcard:
CREATE USER 'userName'#'%' IDENTIFIED BY 'some_pass';
though this is generally insecure.
You should use 'localhost' if you want users to be able to connect to your server only from the same IP/host as your MySQL server. This would be appropriate in situations where your webserver is on the same host as the MySQL server.
Mysql is very picky about user account string formatting, and in particular treats the hostname 'localhost' as special (and exactly how depends on the version).
If the hostname is 'localhost' then many mysql versions will use a local Unix Socket (and not TCP/IP) to connect. If you use a DNS name such as mysql.server.example.org, be aware that you need to include exactly the string mysql sees on connect: it's not 'intelligent' in saying 'mysql' is the same thing, for example.
Be aware also that creating a user does not give it permission to do anything. You will normally need to use GRANT to do that as well. You can grant permission to the whole server (not recommended!) or to all tables in a database, or even to individual tables. I would strongly recommend testing using 'phpmyadmin' to investigate this if needed.
Finally, I'm just slightly worried that you are conflating user-of-mysql and user-of-application. Normally, the mysql user table is not used for application level users (e.g. website profiles). I say this because DB user creation is often a one-off thing and so doesn't need application code to do it...
This is the error I get when using php code
"mysql_connect($host,$user,$password)", where $host="IP_of_my_system" :
Warning: mysql_connect(): Host 'xxx' is not allowed to connect to this MySQL server in C:\xampp\htdocs\mysqltest\insert.php on line 4
But when using localhost instead of IP, it works fine.
Why is this behavior?
Its quite simple if you understand how Userid's work in MySQL.
Each userid has a location associated with it from where that userid is allowed to logon from. This can be from anywhere % but normally its an ip address or set of ip addresses.
So the userid you are using is probably setup to be allowed access from localhost and 127.0.0.1 and maybe ::1 all of which are ways of addressing the PC that the MySQL Server is running on.
These should suffice so use localhost or 127.0.0.1 or change the userid definition in MySQL to be allowed to acess from 192.168.0.99 or whatever you ip address is, but using one of the alias's for this PC should be all you need.
Using the alias's also helps when you move your code to another machine and/or MySQL server. I fyou use a specific IP it probably wont.
Please Mention the port no like 192.168.0.1:3306 ( by default mysql port ) in $hostname.
For server port no contact your server administratior
Two possible reasons for your problem:
1) Your firewall is blocking IP_of_my_system:3306
2) you haven't configured proper access in MySql.
For the item #1, check your system.
For the #2, in Workbench, enter as administrator of your database.
Then, click on "Users and Privileges". In this page, you must grant to your user (MySQL user, not Windows user!), the permissions to login from an address or a network. This permission is "per host" and "per schema". In the following image, you can see that the user "testmvc" may login form any host (%) and from localhost:
In the next image you can see the "Schema Privilege" tab:
where you can see that the user "testmvc", from any host (%) may access the "testmvc" schema with the specified privileges.
The combination of access and privileges grants your user to access the MySQL server and operate on it.
I had a similar problem and only worked solution is creating a new user with same specification as old user. Strange, but hope it helps someone else with the same problem.
I have website example.com, it contains a MySQL server. I have another example.org, both are different domains. I want to access the MySQL server on example.com from example.org. How would it be possible?
You will need to set the remote example.com when you call the database connection initialization function. For example:
mysqli_connect("example.com", 'username', 'password', 'database name');
But you will need to check whether example.com's MySQL server is set to accept connections from other hosts (see the bind-address directive in your my.cnf or my.ini), and that the username you connect with is set to be able to connect from external domains.
Consider the following Users page of phpMyAdmin:
It is clear that only user test has access from outside domains (% in the Host field). Not shown on the image, but user test has full privilege on the database called test. The other users are bound to the local domain, even though the server is set to accept connections from the outside, when authenticating, users are thrown a denial.
You can connect to remote MySQL server. Just have to make sure that the remote server is binding to public address.
Here's how: http://www.howtogeek.com/howto/mysql/switch-mysql-to-listen-on-tcp/
You can connect to any MySQL server wherever it is, as long as it's setup for remote connection.
Depending on your operating system and webserver of choice, the settings will be different, but a good place to start is by (if using linux) looking here:
/etc/mysql/my.cnf
In this file you will find:
bind-address: 127.0.0.1
You will change this to the IP address of the server and then restart the mysql daemon.
..and now you can connect remotely ;)
I am using php to send a query to an existing database to use existing login credentials for a webbased program to allow access to a members section page. My web server is public and has a public ip as well as a private ip. However, my sql server is sitting on the local lan and does not have a public ip. I am very new to php, but I feel I have a done a good job writing it. the code works amazingly when I hosted the site for internal use with a dummy database on my pc. I set up Apache on my pc to run the php code and set up a sql database for testing purposes. I could access the site and login and out from any other computer in the office, by typing in my 192.168.x.x into the web browser.
Now that the site is moved to the web server and I am linking to an active database on another server it doesnt want to work. I am pretty sure i dont have any coding erors causing this its a configuration issue. I am wondering what ports should be open where? and will existing DB users be able to query the DB from a remote private ip? I realize this may be a beginners question, but I have looked everywhere for days now and my brain is fried. I need a basic checklist of the main things to look for or set when establishing this type of connection.
Website is running on 192.168.1.1 with public ip of 173.72.173.x
SQL DB is running on 192.168.1.2
I log into the sql engine on the sql server with 'user' and 'password' so my config file i use:
$server = "192.168.1.2:3306"; // server to connect to.
$database = "myusers"; // the name of the database.
$db_user = "user"; // mysql username to access the database with.
$db_pass = "password"; // mysql password to access the database with.
$table = "dbo.users"; // the table that this script will set up and use.
And I call it into every file that need to query anything.
So are theses setting right? Or do I need to create another user on my sql engine to access the db from a remote host? and what about ports? sql server has 3306 opened, but that's it?
If you are using MySQL (you mentioned port 3306), you will most likely want to check the my.cnf configuration file on the MySQL server, and have it allow remote connections.
Just do a fast search for bind-address = 127.0.0.1 and comment it by putting a hash# in front of it and disable interface binding.
Since you did not specify the OS you are using, I can't know for sure whether it may be bound to a specific NIC or not. Try it yourself.
Help!
I have a PHP (PHP 5.2.5) script on HOST1 trying to connect to an MySql database HOST2. Both hosts are in Shared Host environments controlled through CPanel.
HOST2 is set to allow remote database connections from HOST1.
The PHP connect I'm using is:-
$h2 = IPADDRESS;
$dbu = DBUSER;
$dbp = DBPASS;
$DBlink = mysql_connect($h2, $dbu, $dbp);
This always fails with:-
Access denied for user '<dbusername>'#'***SOMESTRING***' (using password: YES)
nb: SOMESTRING looks like it could be something to do with the shared host environment.
Any ideas???
BTW: I can make remote connections to HOST2 from my laptop using OpenOffice via ODBC, and SQLyog. The SQLyog and ODBC settings are exactly the same as the PHP script is trying to use.
somestring is probably the reverse-lookup for your web-server.
Can you modify privileges from your cPanel? Have you done anything to allow access from your workstation (ODBC)?
The error-message seems to indicate that you have network-access to the mysql-server, but not privileges for your username from that specific host.
If you're allowed to grant privileges for your database, invoking:
GRANT SELECT ON database.* TO username#ip.address.of.host1 IDENTIFIED BY 'password'
might work for you. I just wrote this out of my head, you might want to doublecheck the syntax in mysql-docs.
Have you read the MySQL documentation on Causes of Access denied Errors?
Have you contacted support for your hosting provider? They should have access to troubleshoot the database connection. People on the internet do not have access.
Do you need to specify the database name? Your account might have access to connect only to a specific database. The mysql_connect() function does not allow you do specify the database, but new mysqli() does. I'm not sure if this is relevant -- it might allow you to connect but give you errors when you try to query tables that aren't in your database.
Are you sure you're using the right password? MySQL allows each account to have a different password per client host. Admittedly, this is not a common configuration, but it's possible. Your hosting provider should be able to tell you.
Just some ideas:
HOST1 does not have remote access to HOST2 (shared host is disallowing)
MySQL account does not have access from HOST1 (IP address specified on account creation, or wildcard)
Edit:
In response to your comment, I meant that HOST1 cannot get to the MySQL port on HOST2. Web services will work, of course, because port 80 is open to the public. As another user pointed out though, you are getting a response, so you are reaching it. I would try specifying the DB, and double checking the account creation command you ran.
For the second piece, I meant this: http://dev.mysql.com/doc/refman/5.0/en/adding-users.html
You can specify what host the username can connect from. If it isn't set to HOST2's IP or the wildcard, HOST2 can't log in with those credentials.
The error message means that you can contact the mySql server, but the user you are trying to log in as, does not have access.
Either the user does not have access at all, or it has access locally, but not from the host you are connecting from.
You should try to use the hostname and port like $h2 = IPADDRESS:3307;