When trying to connect to mySQL Database for my login page my error_log shows this

Question

When trying to connect to my mySQL Databse for my website it seems to be returning a error_log that says that my access is denied when I have already setup permissions for my user to have full access to the database (seen below)

I am pretty sure I have everything setup but here is the error message i am receiving. Here is my code also, and apparently I need to change the security of a password_hash for my php? I am just slightly unsure where to put it, but here is all of my code.

database.php

   <?php

session_start();

$server="beastfox.com";
$user="beaskxxb_beaskxxb";
$password="-";
$database= "beaskxxb_database";

 $db = mysqli_connect($server, $user, $password, $database);

    ?>

my index.php

    <?php
   include("database.php");
   session_start();

   if($_SERVER["REQUEST_METHOD"] == "POST") {

      $username = mysqli_real_escape_string($db,$_POST['username']);
      $password = mysqli_real_escape_string($db,$_POST['password']); 

      $sql = "SELECT id FROM admin WHERE username = '$username' and password = '$password'";
      $result = mysqli_query($db,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
      $active = $row['active'];

      $count = mysqli_num_rows($result);


      if($count == 1) {
         session_register("username");
         $_SESSION['login_user'] = $username;

         header("location: myaccount.php");
      }else {
         $error = "Your Login Name or Password is invalid";
      }
   }
?>

<!DOCTYPE html>
<html>

  <head>

    <title>Login</title>
    <link rel="apple-touch-icon" sizes="57x57" href="favicon/apple-icon-57x57.png">
    <link rel="apple-touch-icon" sizes="60x60" href="favicon/apple-icon-60x60.png">
    <link rel="apple-touch-icon" sizes="72x72" href="favicon/apple-icon-72x72.png">
    <link rel="apple-touch-icon" sizes="76x76" href="favicon/apple-icon-76x76.png">
    <link rel="apple-touch-icon" sizes="114x114" href="favicon/apple-icon-114x114.png">
    <link rel="apple-touch-icon" sizes="120x120" href="favicon/apple-icon-120x120.png">
    <link rel="apple-touch-icon" sizes="144x144" href="favicon/apple-icon-144x144.png">
    <link rel="apple-touch-icon" sizes="152x152" href="favicon/apple-icon-152x152.png">
    <link rel="apple-touch-icon" sizes="180x180" href="favicon/apple-icon-180x180.png">
    <link rel="icon" type="image/png" sizes="192x192"  href="favicon/android-icon-192x192.png">
    <link rel="icon" type="image/png" sizes="32x32" href="favicon/favicon-32x32.png">
    <link rel="icon" type="image/png" sizes="96x96" href="favicon/favicon-96x96.png">
    <link rel="icon" type="image/png" sizes="16x16" href="favicon/favicon-16x16.png">
    <link rel="manifest" href="favicon/manifest.json">
    <meta name="msapplication-TileColor" content="#ffffff">
    <meta name="msapplication-TileImage" content="favicon/ms-icon-144x144.png">
    <meta name="theme-color" content="#ffffff">
    <meta charset="UTF-8">
    <link rel="stylesheet" type="text/css" href="main.css">
    <link href="https://fonts.googleapis.com/css?family=Raleway:100" rel="stylesheet">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
    <link href="https://fonts.googleapis.com/css?family=Open+Sans:300" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css?family=Roboto+Condensed" rel="stylesheet">
  </head>

  <body>

<div class="LoginBox" style="">
<div class="element_wrapper">
 <a class="Login">Login</a>





    <class>
    <center>
                       <form action = "" method = "post">
                  <input type = "text" name = "username" class = "username" value="Username"/><br /><br />
                  <input type = "password" name = "password" class = "password" value="Password" /><br/><br />
                  <input type = "submit" value = " Submit " class="btn"/><br />
               </form></center>





    </class>
        </div>
            </div>
                </body>
</html>

the error I keep getting

    [19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_connect(): (28000/1045): Access denied for user 'beaskxxb_beaskxxb'@'server228-5.web-hosting.com' (using password: YES) in /home/beaskxxb/public_html/database.php on line 10
[19-Jun-2017 21:43:37 America/New_York] PHP Notice:  A session had already been started - ignoring session_start() in /home/beaskxxb/public_html/index.php on line 3
[19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home/beaskxxb/public_html/index.php on line 7
[19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given in /home/beaskxxb/public_html/index.php on line 8
[19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_query() expects parameter 1 to be mysqli, boolean given in /home/beaskxxb/public_html/index.php on line 11
[19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_fetch_array() expects parameter 1 to be mysqli_result, null given in /home/beaskxxb/public_html/index.php on line 12
[19-Jun-2017 21:43:37 America/New_York] PHP Warning:  mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home/beaskxxb/public_html/index.php on line 15
[20-Jun-2017 00:37:19 America/New_York] PHP Warning:  mysqli_connect(): (28000/1045): Access denied for user 'beaskxxb_beaskxxb'@'server228-5.web-hosting.com' (using password: YES) in /home/beaskxxb/public_html/database.php on line 10
[20-Jun-2017 00:37:19 America/New_York] PHP Notice:  A session had already been started - ignoring session_start() in /home/beaskxxb/public_html/index.php on line 3

I have written a message about my php before but i still seem to be getting errors, if you know anything. Thanks,

I know you probably no whats wrong! Im sorry im not that advanced. Your's most apologetically if it causes any inconveniences, David | BeastFox

Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Jun 20 '17 at 11:58
As I did write, I wasnt sure how to prevent it with password_hash so I am still confused on how to do so, — , Jun 20 '17 at 11:59
Its normal to use `$server="localhost";` or `$server="127.0.0.1";` Is your database on a different machine to your website? If not try this — RiggsFolly, Jun 20 '17 at 12:00
The [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) comment has nothing to do with using plain text password. Its to do with using `mysqli_real_escape_string()` which is no protection at all — RiggsFolly, Jun 20 '17 at 12:02
But now you mention the password issue, PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php) please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet) If you are using a PHP version prior to 5.5 [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) — RiggsFolly, Jun 20 '17 at 12:02
My database is connected to my webserver im pretty sure, Provided by namecheap. But what exactly am I meant to change with password_has()? Like to I replace mysqli_real_escape_string() with password_has()? Sorry Im slightly, confused. — , Jun 20 '17 at 12:26
Read the links here: Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. — Jay Blanchard, Jun 20 '17 at 12:29
@JayBlanchard I have read through your documentation but I am still very confused, I am currently on version 5.6 of PHP and it is confusing me of where I am meant to be placing `password_hash()` You're telling me if i'm lower than 5.5 I can use `password_hash()` but from what I see your website isn't indicating anything if im over it? — , Jun 20 '17 at 12:37
You can use `password_hash()` with all versions of PHP above 5.5 — Jay Blanchard, Jun 20 '17 at 12:41
So am I meant to replace mysqli_real_escape_String() with password_hash? — , Jun 20 '17 at 12:42
Yes, you are supposed to replace it. Make sure the column holding the password hash is at least 60 characters wide. ***BUT*** don't worry about hashing until you get your database connection working. — Jay Blanchard, Jun 20 '17 at 12:43
@JayBlanchard I have now edited the database.php and I will edit the index.php to include password_hash() once I have successfully connected my database. But what am I meant to do to connect? as I still am not getting a connection. — , Jun 20 '17 at 12:48
Have you asked your provider how you should connect to the database? Have you setup a user like we talked about? Change `$server="beastfox.com";` to `$server="localhost";` and see what happens. — Jay Blanchard, Jun 20 '17 at 12:50
When I talked to my hosting provider, they said to me that the only way I was able to setup users was via CPanel, which I did. And I made an account with full permissons. I tried to do it in a SSH but It didn't work. They said I could only do it via cpanel. They said to me they only work with hosting and that i should probably go hear to talk about it :/ — , Jun 20 '17 at 12:51
Maybe a quick glance at [namecheaps own help pages](https://www.namecheap.com/support/knowledgebase/article.aspx/9663/2187/how-to-fix-error-establishing-a-database-connection-in-wordpress) would get you sorted — RiggsFolly, Jun 20 '17 at 13:00

score 0 · Answer 1 · edited Jun 20 '17 at 12:24

0

$db = mysqli_connect($server, $user, $password, $database);

replace this with

$db = mysqli_connect("localhost", $user, $password, $database);

edited Jun 20 '17 at 12:24

Jay Blanchard

34,243
16
77
119

answered Jun 20 '17 at 12:11

kadam sunil

233
2
3

1

A ***good answer*** will always have an explanation of what was done and why it was done in such a manner, not only for the OP but for future visitors to SO. – Jay Blanchard Jun 20 '17 at 12:28
Did you [come up with this](https://stackoverflow.com/questions/44652400/when-trying-to-connect-to-mysql-database-for-my-login-page-my-error-log-shows-th?noredirect=1#comment76290070_44652400) all on your own ??? – RiggsFolly Jun 20 '17 at 12:54

When trying to connect to mySQL Database for my login page my error_log shows this

1 Answers1