[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 622
  • Last Modified:

MySql 4 authentication way

Hi all.
I wrote a little class to make dumps of MySql databases and to restore them if needed.
Now I receive this message if I run my demo script for this class from my computer connecting to my web database:

"MySqlDumper cannot establish a connection with following message mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file"

My provider says that my script authentication system is not compatible with MySql4 but googling has not been useful to clarify me this assertion. Can someone help me?

I attach the code of construct method and invoked doConnect() method.

Thanks to all

PS I never tried to run this script from loaclhost to backup a remote database, so the problem could reside in this trying: now I've installed WampServer 2.1
PS2 I don't find PHP And Databases zone: what abot?
/**
         * Description and usage
         *
         * <p>Here they are set deafult values for new instances.</p>
         * <p>$hostname, $username and $password are mandatory,
         * $dbName is optional. In fact you can create a new instance
         * of MySqlDumper without specify a database and then retrieve a
         * list of all databases hosted in yuour server to choose among them
         * hich database use for backup procedures.</p>
         *
         * <p>You create a new insatance of MySqlDumper this way:</p>
         * <code>$dumper = new MySqlDumper('host_name', 'user_name', 'password', ['database_name'])</code>
         * <br>
         * <p>After having set parameters for a connection, MySqlDumer calls
         * private function _dbConnect() to establish a connection to your
         * database server.</p>
         * @param <string> $hostname
         * @param <string> $username
         * @param <string> $password
         * @param <string> $dbName
         */

        public function __construct($hostname, $username, $password, $dbName="") {
            error_reporting(E_NONE);
            ob_start();
            set_exception_handler('getErrors');
            $this->hostname = $hostname;
            $this->username = $username;
            $this->password = $password;
            if ($dbName != "") $this->dbName = strtolower($dbName);
            $this->_dbConnect();
        }


        /**
         * Description and usage
         *
         * Public function dbConnect
         * @return void
         * @param  string $val
         *
         * <p>It establishes a connection to database. If a connection exists, it close
         * it and then open a new connection: this allows user to choose a new database
         * and establish a new connection to it without destroy object which holds connection.</p>
         * <p>This function return true if connection was successfully established, otherwise
         * it returns false and shows error message.</p>
         */
        private function _dbConnect() {
            $this->errorMsg = array();
            if ($this->_checkDbConn()) $this->dbConn = null;
            if (empty($this->dbName)){
                $conn = @mysql_connect($this->hostname, $this->username, $this->password);
                if(!$conn) $this->errorMsg[] = "<b>function _dbConnect - </b>MySqlDumper cannot establish a connection with following message " . mysql_error();
                $this->dbConn = $conn;
            }else{
                $conn = @mysql_connect($this->hostname, $this->username, $this->password);
                if(!$conn) $this->errorMsg[] = "<b>function _dbConnect - </b>MySqlDumper cannot establish a connection with following message " . mysql_error();
                $this->dbConn = $conn;
                $selDb = @mysql_select_db($this->dbName, $conn);
                if(!$selDb) $errorMsg[] = "Database not found: " . mysql_error();
            }
            if (empty($this->errorMsg)){
                $this->_setDestFile();
                return true;
            }else{
                $this->getErrors();
                return false;
            }
        }

Open in new window

0
Marco Gasi
Asked:
Marco Gasi
  • 9
  • 5
  • 3
  • +2
5 Solutions
 
jrm213jrm213Commented:
Hi,

Ok, so just so we are on the same page here,

What version of MySQL is on the remote server?
What version of PHP are you using?

What version of MySQL has the script worked with.

There is a problem with new versions of PHP (I think 5.3) connecting to MySQL using the outdated authentication that was from 4. Basically if you upgraded MySQL from 4 to 5, you might be running into this issue because the passwords for the users are in the wrong format. If this is the case you need to either reset the password for the user you are trying to connect with or recompile php to use an older driver that will still use the old authentication method.

It is probably more secure to reset your password.

http://dev.mysql.com/doc/refman/5.1/en/old-client.html
http://stackoverflow.com/questions/1575807/cannot-connect-to-mysql-4-1-using-old-authentication
0
 
Marco GasiFreelancerAuthor Commented:
Thanks for trying to help, jrm213jrm213.
Well. I read your links and I ask you see if this makes sense: I could add in my class constructor a check to identify the mysql server version and do something like:

$mysqlversion = getMySqlVersion();
if ($mysqlversion < '5'){
  $sql="SET PASSWORD FOR 'some_user'@'some_host' = OLD_PASSWORD('newpwd');";
  Mysql_query($sql);
}

If this makes sense, I would need now a getMySqlVersion() function: do you know something like this?
0
 
Steve BinkCommented:
For the MySQL version:

SELECT @@VERSION;

For the PHP version, create a file on the server with only this code, then browse to it:

<?php phpinfo(); ?>

Open in new window

0
Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
Marco GasiFreelancerAuthor Commented:
Thanks. I let you know soon.
0
 
NoiSCommented:
If The OLD_PASSWORD isn't your trouble, could be that you are using mysqlnd PHP driver

http://www.php.net/manual/pt_BR/mysqlnd.overview.php

If this isn't your case, maybe your libmysql.dll is to old.

0
 
Marco GasiFreelancerAuthor Commented:
I use wamp server 2.1, php 5.3.5, mysql 5.3.8 and Apache 2.2.17

Where i can find mysqlnd driver? And libmysql.dll? They don't seem to exist in my system? An how can I use something different?
0
 
Steve BinkCommented:
In the phpinfo() output, look for the MySQL extension section.  It should report what type of MySQL library you are using (external or mysqlnd), and what version.  Given that you are using PHP 5.3.5, you should be okay in this regard.

You say you are using WAMP.  Is this your own environment, or your provider's environment?  If you are working with two different environments, do they match for versioning?
0
 
Mark BradyCommented:
First Answer: To post your question into the zone "Php and Databases" you will find that under at least two locations. Here they are....

1: Web Development/Scripting Languages/PHP/PHP and Databases/
or
2: Web Languages/Standards/PHP/PHP and Databases/

For number 2, the slash after "Web Languages" is part of the actual title so it is Web Languages/Standards - that is the parent heading, then go to "PHP" then to "PHP and Databases.

As for your main problem, please try reading the same/similar problem and solution found here...
http://stackoverflow.com/questions/4807072/windows-7-php-mysql-connection-issues

I see you have read a thread on the same website but this one is directly related to windows running xamp server software so you may just find your solution. Good luck.
0
 
Marco GasiFreelancerAuthor Commented:
@routinet. I was talking about my local environment. From this I'm trying to use my script to do a backup of remote database hosted by my provider, but versions are different and being a shared environment I can't access my.cnf and other 'strategic' files. I was hoping to can do something with php code in my class to make it 'universally' usable but it seems this is impossible, I'm right?
0
 
Steve BinkCommented:
What version of MySQL is on the remote host?
0
 
Marco GasiFreelancerAuthor Commented:
remote MySql 5.0.90 vs local MySql mysql 5.3.8
0
 
NoiSCommented:
I guess that you is using mysqlnd cause have a mention in your question.

This isn't a trouble with a code solution, this is a environment trouble. Seems that your development environment is different from your prodution environment. The recommended that is to use a identical (or nearest possible) environment.

You must use the php_mysql.dll instead mysqlnd to solve this issue.
look at
http://fr.php.net/manual/en/mysql.installation.php

to see how to install the php_mysql extension.



Another approach (just a try)
Login into your server with a SSH client or open a DOS prompt in your computer
## using mysql client
mysql -u root -p root_password

Open in new window


After a sucessfull login...
SET PASSWORD FOR 'some_user'@'some_host' = PASSWORD('newpwd');

0
 
Marco GasiFreelancerAuthor Commented:
@NoIS there is a thing I don't understand. My problem is using my class from within my local environment to backup a remote database: why I should modify password on my local environment? The script works fine if I use it within mi local env. to backup local db AND if I use it within remote env. to backup remote db.

It seems more probable the answer resides in mysqlnd, but... in C:\wamp\bin\php\php5.3.5\ext folder I have php_mysql.dll not mysqlnd.dll. Any idea?
0
 
jrm213jrm213Commented:
just because you have a dll in a certain folder does not mean it is being used. In your original statement you specifically referenced mysqlnd.

It works on your local machine most likely because your databases are not using the old password format.  The database you are connecting to remotely apparently is. So your system is saying it can't connect to that server because of the password formats being wrong and it won't use the old format.

you could try unregsvr32 c:\path to file\mysqlnd.dll
then
regsvr32 C:\wamp\bin\php\php5.3.5\extphp_mysql.dll
then
run your script and see what happens.


0
 
NoiSCommented:
Mysqlnd is a PHP built in driver. It is enable by default.
When you enable the php_mysql.dll extension on php.ini the mysql_* functions will use it instead mysqlnd.

About the password changes

There's a difference between hashes that mysql uses to encrypt passwords on different versions. MySQLnd doesn't work with the hash created by OLD_PASSWORD.

0
 
jrm213jrm213Commented:
If that is the case would it then be possible to trap the error in his php module and use putenv to switch to the other dll and try again?

0
 
Marco GasiFreelancerAuthor Commented:
@jrm213jrm213: I think you're asking that to NoIS :-) If I understood what NoIS said, one can't do that 'dinamically': if change password is a must, you can do that only after have been logged in mysql server so I can't make my script do that 'at runtime' and I have to do it personally.

I'm right, NoIS?
0
 
NoiSCommented:
Yes margusG.
There's no reason to code to prevent this kind of trouble.

The trouble isn't on the code but is on the environment. Just put all thing in your place, make the mysql auth system works once with php and all will be fine.

If your connection works on the mysql client on your computer, must work on PHP too with the correct lib.





0
 
Marco GasiFreelancerAuthor Commented:
Thank you, NoIS: finally I understood! The problem is not my class but my system: Wamp uses mysqlnd and my provider uses php_mysql...

Can you tell me if there is a serious security issue with old hash?

Anyway I'm going to award points: I'll split them among experts who have contributed to this thread.

Thanks to all
0
 
Marco GasiFreelancerAuthor Commented:
Thanks to all. Hope my splitting points will satisfy you all.
0
 
NoiSCommented:
There's no big serious security issue if your connection cannot be intercepted.
Read this to better understand.
http://dev.mysql.com/doc/refman/5.5/en/password-hashing.html

0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 9
  • 5
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now