5
votes

Warning: mysql_connect(): Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\Login\sessionHandler.php on line 35

So this is what's on the line 35.

//to make a connection with database
$conn = mysql_connect("localhost", "root", "password") or die(mysql_error());

I don't know whether this is the problem or the code I'm writing. I have searched for every possible answer but it is not what I was looking for.

this is my code (if the problem is not really on the line 35)

//validation error flag
$errflag = false;

//Input Validation
if($_POST['uname'] == '')
{
    $errmsg_arr[]='Login ID missing';
    $errflag = true;
}
if($_POST['pword'] == '')
{
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}


//if there are input validations, redirect back to the login form
if($errflag)
{
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login.php");
    exit();
}

//to make a connection with database
$conn = mysql_connect("localhost", "root", "password") or die(mysql_error());


//to select the targeted database
mysql_select_db("ngchoonching", $conn) or die(mysql_error());

//to create a query to be executed in sql
$username = $_POST['uname'];
$password = $_POST['pword'];
$query = "SELECT * FROM profile WHERE username = '$username' AND password = '$password'";

//to run sql query in database
$result= mysql_query($query, $conn) or die(mysql_error());

//check whether the query was successful or not
if(isset($result))
{
    if(mysql_num_rows($result) == 1)
    {
        //Login successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['STATUS'] = true;
        session_write_close();
        header("location: login-successful.php");
        exit();
    }
    else
    {
        //login failed
        header("location: login-failed.html");
        exit();
    }
}
else
{
    die("Query failed");
}

?>

I use localhost,phpmyadmin,xampp and I don't understand why the access is denied.

1
This is not a problem in the code, it's a problem with the database permissions. What does show grants for root@localhost; show?Barmar
Also avoid regular mysql use mysqli or better PDOIdris
@Barmar it says GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION and GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTIONCheryl Perry
its possible with your current code todo a simple sql injection and just return a single row from your table and use that to authenticate even login as anyone. Use mysqli or PDO with prepared query'sLawrence Cherone
@Barmar i'm sorry what should i do about this? This is actually my first time doing this, and i'm still learningCheryl Perry

1 Answers

11
votes

try $conn = mysql_connect("localhost", "root") or $conn = mysql_connect("localhost", "root", "")