PhpMyAdmin password config problem 1

[btween]

I am trying to password protect a PhpMyAdmin, and I followed some forum instructions that said do the following:

...
$cfg['PmaAbsoluteUri'] = '

http://your/path/to/pma/';

...
$cfg['blowfish_secret'] = 'some secret';
...
$cfg['Servers'][$i]['auth_type'] = 'cookie';

once I did this I get the welcome to php login box but I don't know what username and password to enter.

in the config.inc.php file in any fields that I try putting in a username and a password it does not work.

I get the error:



#1045 - Access denied for user: 'testuserforexample@localhost' (Using password: YES)

Where do I assign the sername and password?

 

[Miros]

I'd have left the script alone and password protected the directory it's in.

 

[KarveR]

mysql is giving you that error, log in to mysql using whatever normal userass combination you normally use

______________________________________________________________________
There's no present like the time, they say. - Henry's Cat.

 

[Miros]

Silly question, was the script functional before you attempted to password protect it?

 

[Kozusnik]

Personally, I do both. I set the user/pass in the config, of course change the root pw, and use an .htpasswd file to lock the dir.

I'm in a HealthCare environment, so HIPAA rules.

Mark

 

[btween]

Hey Mark,

can you provide some guidance on how to set the username and password. thsi is what I'm having trouble with.

 

[jpadie]

btween

the answers are all in the post already:

there are two points you need to protect.

the first is your database. this will have at least one username and password combo that is allowed to access it. this is the username/pwd combo that must be inserted in the phpmyadmin config file.

the second is access to the phpmyadmin script itself. if you are using apache you can protect this by using .htaccess as mark suggested. if your host provides cPanel or similar, this can sort out the protections for you. if not then ask in the apache forum or google for .htaccess.

if you are using IIS then you need to set the permissions in the IIS management snap-in.

other webservers i'm not sure about. probably something similar.

 

[Kozusnik]

MySQL

$ mysql -uroot 
mysql> UPDATE mysql.user SET Password=PASSWORD('yourpassword') WHERE User='root';
mysql> FLUSH PRIVILEGES;

phpMyAdmin/config.inc.php

$cfg['Servers'][$i]['user']          = 'root';
$cfg['Servers'][$i]['password']      = 'yourpassword';

Scroll down, there may be more entries. Also, I don't recommend using root for phpMyAdmin, but it will get you connected.

.htpasswd (su to root for this)

$ htpasswd -c /etc/httpd/conf/mypassfile username password

(to add more users, remove the "-c")
Create a file named .htaccess in the phpMyAdmin folder with this in it (that's {dot+htaccess}, the dot or period is very important)...

AuthUserFile /etc/httpd/conf/mypassfile
AuthGroupFile /dev/null
AuthName "Restricted Directory"
AuthType Basic

require valid-user

<IfModule mod_ssl.c>
#SSLRequireSSL
</IfModule>
<IfModule !mod_ssl.c>
# no non-ssl access
order allow,deny
</IfModule>

Mark

 

[Kozusnik]

Shoot...the htpasswd should be followed by "-cf" not just "-c". The c tells it to create the file. If you remove the c then it will just append new users to the same file.

Mark

 

[btween]

Ok, Kozusnik,

I try running the MySql code by going to the SQL link once in the database in PhpMyAdmmin and this is what I get:



SQL query:

$ mysql - urootmysql & gt;

UPDATE mysql.user SET PASSWORD = PASSWORD( 'testpas' ) WHERE User = 'root'

MySQL said: Documentation
#1064 - You have an error in your SQL syntax near '$ mysql -uroot
mysql> UPDATE mysql.user SET Password=PASSWORD('testpas') WHERE U' at line 1



Do I need to create a table called user?

 

[jpadie]

Mark posted a CLI command.

the query to run is
UPDATE mysql.user SET PASSWORD = PASSWORD( 'testpas' ) WHERE User = 'root'

but i am not sure that you need to do this if you are already functioning ok within phpmyadmin.

 

[btween]

ok,

I ran the query


and then I followed his second set of instructions which say



phpMyAdmin/config.inc.php
CODE
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = 'yourpassword';


Instead of getting a login prompt for pypmy admin,

I get the following error when trying to load the PhpMyAdmin folder:

MySQL said:

#1045 - Access denied for user: 'root@localhost' (Using password: YES)

 

[jpadie]

as i said. you did not need to run the query if phpmyadmin was working for you.

in any event it should still work so long as the password you entered into the config file was correct.

taking steps 1 and 2 will not have any effect whatsoever on whether phpmyadmin itself is protected. that is the purpose of the .htaccess file.

 

[btween]

so what exactly do I have to do to get a login box when accessing the PhpMyAdmin directory?

 

[btween]

and what does he mean by su to root? also what's up with this line:

$ htpasswd -c /etc/httpd/conf/mypassfile username password

do i include it in the .htaccess file?

I'm sorry guys but this is like swahili to me.

 

[jpadie]

you're not helping yourself here: Mark has given you the answer above.

this assumes you run apache and linux and have terminal access.

 

[btween]

the server is hosted remotely. I have the ip of the server and ftp access. i'm running a windows machine locally. Maybe you could tell me how to access the terminal.

 

[jpadie]

i can't do that, no. at least not with any certainty.

do you know whether your hosted servers are linux?

does your service provider offer CPANEL?

who is your service provider?

 

[btween]

It is a Linux server but it does not have a CPANEL. It's got some sort of custom administrative tool

 

[jpadie]

then i would guess the custom administration tool will allow you to create protected directories.