Doubt about PDO connection

1

Hey everybody, I have a question about the PDO connection.

This is the connection I have in the script that I’m configuring:

<?php

function getDB() {
    $dbHost = 'host';
    $db     = 'bd';
    $dbUser = 'user';

    # Get database password from outside of web root
    $fileLoc = $_SERVER['DOCUMENT_ROOT'] . '/../passwords.txt';
    if (file_exists($fileLoc)) {
        $fh = fopen($fileLoc, 'r');
        $jsonStr = fgets($fh);
        $arr = json_decode($jsonStr, true);
        $dbPass = $arr['default-password'];
        fclose($fh);
    } else {
        die('no file found');
    }

    $db = new PDO("mysql:host=$dbHost;dbname=$db;charset=utf8mb4", $dbUser, $dbPass);
    return $db;
}

function getSteamProfileInfoForSteamID($allUsersInfoStr, $steamIDToFind) {
    $allUsersInfo = json_decode($allUsersInfoStr, true);
    $players = $allUsersInfo['response']['players'];

    foreach ($players as $player) {
        $steamID = $player['steamid'];
        $player['personaname'] = htmlentities($player['personaname']);

        if ($steamIDToFind === $steamID) {
            return $player;
        }
    }

    # If the user is not found, then return false
    return false;
}

function jsonSuccess($data) {
    return json_encode(array('success' => 1, 'data' => $data));
}

function jsonErr($errMsg) {
    return json_encode(array('success' => 0, 'errMsg' => $errMsg));
}

function getSteamAPIKey() {
    $fileLoc = $_SERVER['DOCUMENT_ROOT'] . '/../passwords.txt';
    if (file_exists($fileLoc)) {
        $fh = fopen($fileLoc, 'r');
        $jsonStr = fgets($fh);
        $arr = json_decode($jsonStr, true);
        $key = $arr['steamAPIKey'];
        fclose($fh);
        return $key;
    } else {
        die('no file found');
    }
}

function postVar($varName) {
    $var = isset($_POST[$varName]) ? $_POST[$varName] : null;

    if (is_null($var) || strlen($var) === 0) {
        return null;
    } else {
        return $var;
    }
}

function getVar($varName) {
    $var = isset($_GET[$varName]) ? $_GET[$varName] : null;

    if (is_null($var) || strlen($var) === 0) {
        return null;
    } else {
        return $var;
    }
}
?>

This connection is searching for the password in a txt file inside the root, but I do not have access to the root of my hosting. Does anyone know how to change it to put the password directly in the code?

  • The problem seems to be the access (privilege) of the user to the database

  • I don’t have root access to put this txt in there, so I need to change the connection. As for the user's privileges, it has all of them.

1 answer

2


Just remove the snippet of code that does the search and manually put the values in the variables declared above. NEVER put a database password in txt files or files that are read through the browser; it is a fatal security error. Your getDB function will look like this:

function getDB() {
    $dbHost = 'host'; // host
    $db     = 'bd'; // database name
    $dbUser = 'user'; // user
    $dbPass = 'pass'; // password variable created here; assign the value

    $db = new PDO("mysql:host=$dbHost;dbname=$db;charset=utf8mb4", $dbUser, $dbPass);
    return $db;
}

I hope it helps, hugs

  • I had already tried that and it returned the following error: Fatal error: Uncaught Exception 'Pdoexception' with message 'SQLSTATE[28000] [1045] Access denied for user 'user'@'10.1.2.39' (using password: YES)' in /home/u232474995/public_html/test/php/default.php:10 Stack trace: #0 /home/u232474995/public_html/test/php/default.php(10): PDO->__Construct('mysql:host=mysq...', 'u232474995_user...', 'PASSWORD') #1 /home/u232474995/public_html/test/php/login-status.php(8):

  • 1

    Make sure your login and password are correct and match the server you are trying to connect to
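
A variant of getDB(), as an added example that is not part of the original question or answer: it keeps the credentials in a PHP file that returns an array, and catches the PDOException so that a failed login does not print a stack trace containing the constructor arguments, as the trace quoted in the comment above does. The file name db-config.php, its keys and the loadDbConfig() helper are assumptions made for this example.

```php
<?php
// Added example, not code from the question or the answer.
// Assumption: a file named db-config.php (hypothetical name) sits next to
// this script and contains only:
//   <?php return ['host' => '...', 'name' => '...', 'user' => '...', 'pass' => '...'];
// It is a .php file that outputs nothing, so requesting it in a browser
// yields an empty page instead of the credentials, unlike a .txt file.

function loadDbConfig(string $path): array {
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException('Database configuration file is missing');
    }
    $cfg = require $path;
    if (!is_array($cfg)) {
        throw new RuntimeException('Database configuration must return an array');
    }
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key]) || !is_string($cfg[$key])) {
            throw new RuntimeException("Database configuration key '$key' is missing");
        }
    }
    return $cfg;
}

function getDB(): PDO {
    $cfg = loadDbConfig(__DIR__ . '/db-config.php');
    $dsn = "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4";
    try {
        return new PDO($dsn, $cfg['user'], $cfg['pass'], [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    } catch (PDOException $e) {
        // Log only the SQLSTATE/driver message on the server. An uncaught
        // exception would print a stack trace that includes the PDO
        // constructor arguments (DSN, user name, password).
        error_log('DB connection failed: ' . $e->getMessage());
        http_response_code(500);
        exit('Database connection error');
    }
}
```

Turning `display_errors` off on the live site keeps any remaining uncaught errors out of the response body; from PHP 7.4 the `zend.exception_ignore_args` setting also removes arguments from stack traces.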
