Find the answer to your Linux question:
Results 1 to 6 of 6
Question: Can a PHP script that is used to connect to a remote mysql database be prompted for a user password? It seems that I can either use this /* ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Posts
    5

    php + prompt for password


    Question:

    Can a PHP script that is used to connect to a remote mysql database
    be prompted for a user password?

    It seems that I can either use this

    /* Connect to database */
    $link = mysql_connect("localhost", "root", "")

    -which means anybody who can run the script gets in,

    or

    /* Connect to database */
    $link = mysql_connect("localhost", "root", "Put In My Password")

    -which is worse ie: anyone who reads the script knows the password.

    Thanks

  2. #2
    Linux Engineer
    Join Date
    Apr 2005
    Location
    Buenos Aires, Argentina
    Posts
    908
    I'd use the password.. also, it's not supossed to be run/read by anyone
    serzsite.com.ar
    "All the drugs in this world won\'t save you from yourself"

  3. #3
    Just Joined!
    Join Date
    Jul 2005
    Posts
    5
    Well,
    That would be the ideal situation:
    Not to have anyone read or execute your
    scripts. But, if you logon to mysql locally,
    you have the option to supply the password.
    ie: mysql -u SOME_USER -p
    then you will be prompted for password.
    I was just wondering if mysql had a mechanism
    to prompt for a password from a php script remote logon.

    Here is why I would like to have this feature.
    I have a Linux box that I would like to keep some
    personal info on. (mysql database) It's an old 200Mhz machine with
    RH-8. It's connected to a Windows 98se machine that
    I use for other uses. My plan was to use some php
    scripts to manage the database on the Linux box,
    by running IE browser (http:Linuxbox~/php_scripts_folder),
    where php scripts are. This works fine. But I worry
    since I'm on the net with the Windows box (like right now)
    that anyone could run or read the scripts by essentially
    doing the same thing - ie: http'ing to my linux box. I just
    thought it would be a little better to also be prompted for
    a password before running any php/mysql scripts.
    Now obviously, Im a novice at this stuff.

    I could just ssh my linux box and run the scripts.
    And I have, but I would prefer to use the browser
    method.

    Any suggestions (other than the obvious) "Don't do this"?

  4. #4
    Just Joined!
    Join Date
    Jul 2005
    Posts
    5
    Back again with a vengence.

    Basically did what I wanted to do with a protected directory.

    Did not have much luck when using htpasswd (Apache 2.0)
    Did a lot of googling - something amiss when using IE6 browser

    However, I did pretty much the same thing using htdigest tool (also Apache 2.0)


    Since I have a RedHat 8 install:

    First - create a password directory and password file
    ie: mkdir /opt/pwdir
    cd /opt/pwdir
    touch .password
    (need to have write permissions on .password -
    can change back to 'read only' after you write the file)

    /usr/bin/htdigest -c /dir-to/password/file "realm" username
    ie: /usr/bin/opt/pwdir/.password "what ever you want" joe

    type in password
    verify password

    Then IN the directory you want to authenticate,

    touch .htaccess
    and add:

    AuthType Digest
    AuthName "what ever you want"
    AuthDigestFile /opt/pwdir/.password
    Require user joe

    As I explained earlier - I just wanted to access a scripts dir
    on linux from IE explorer on a Win98 box with 'some degree
    of authentication' -- and this works just fine.

    Just http://hostname/~username/protectedDIRname
    then you are prompted for user and password
    Then you're in and can run whatever --- pretty scary

  5. #5
    Linux Newbie
    Join Date
    Jul 2005
    Location
    ~/home
    Posts
    105
    put your database connection variables outside your webroot (/home/foo/db_connect.php)
    Code:
    <?php
    $host = "localhost";
    $user = "foo";
    $passwd = "joe-bar";
    ?>
    and include this file in your script
    Code:
    <?php
    include&#40;'/home/foo/db_connect.php'&#41;;
    $link = mysql_connect&#40;'$host', '$user', '$passwd'&#41; or die &#40;'Cannot connect to database...'&#41;;
    ....
    ?>
    if your server is well configured, no one can read your password.
    Help me getting a Opera licence
    Beginning with debian? -> read THIS!

  6. #6
    Just Joined!
    Join Date
    Jul 2005
    Posts
    5
    Thanks alain
    So very cool -- newbie??
    Man, Igot start thinking outside the box

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •