
I'm trying to write a script that allows the user to request a new password when theirs is forgotten. For some reason, I keep getting `Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)`. I'm not sure I'm connecting properly (actually, I'm sure I'm not if I'm getting that error). I've replaced the database details for obvious reasons.

<?
// Connect to MySQL
$conn = new mysqli('host','user','password', 'database')or die ('There was a problem connecting to the database.');

//This code runs if the form has been submitted
if (isset($_POST['submit']))
{

// check for valid email address
$email = $_POST['remail'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
 $error[] = 'Please enter a valid email address';
}

// checks if the username is in use
$check = mysql_query("SELECT email FROM users WHERE email = '$email'")or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 == 0) {
$error[] = 'Sorry, we cannot find your account details please try another email address.';
}

// if no errors then carry on
if (!$error) {

$query = mysql_query("SELECT first_name FROM users WHERE email = '$email'");
$r = mysql_fetch_object($query);

//create a new random password

$password = substr(md5(uniqid(rand(),1)),3,10);
$pass = md5($password); //encrypted version for database entry

//send email
$to = "$email";
$subject = "Account Details Recovery";
$body = "Hi $r->username, \n\n you or someone else have requested your account     details. \n\n Here is your account information please keep this as you may need this at a later stage. \n\nYour username is $r->username \n\n your password is $password \n\n Your password has been reset please login and change your password to something more rememberable.\n\n Regards Site Admin";
$additionalheaders = "From: <user@domain.com>\r\n";
$additionalheaders .= "Reply-To: noprely@domain.com";
mail($to, $subject, $body, $additionalheaders);

//update database
$sql = mysql_query($mysqli, "UPDATE users SET password='$pass' WHERE email = '$email'");
$rsent = true;


}// close errors
}// close if form sent

//show any errors
if (!empty($error))
{
    $i = 0;
    while ($i < count($error)){
    echo "<div class='msg-error'>".$error[$i]."</div>";
    $i ++;}
}// close if empty errors


if ($rsent == true){
    echo "<p>You have been sent an email with your account details to $email</p>\n";
} else {
echo "<p>Please enter your e-mail address. You will receive a new password via e-mail.</p>\n";
    }

?>
Jamie
  • Every time you use [the `mysql_`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) database extension in new code, **[a Kitten is strangled somewhere in the world](http://2.bp.blogspot.com/-zCT6jizimfI/UjJ5UTb_BeI/AAAAAAAACgg/AS6XCd6aNdg/s1600/luna_getting_strangled.jpg)**. It is deprecated and has been for years, and is gone forever in PHP7. If you are just learning PHP, spend your energies learning the `PDO` or `mysqli` database extensions and prepared statements. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Feb 09 '17 at 00:33
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Feb 09 '17 at 00:33
  • Please don't __roll your own__ password hashing. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat) – RiggsFolly Feb 09 '17 at 00:35
  • You do realise you can select more than one column at a time `SELECT email, first_name FROM .....` – RiggsFolly Feb 09 '17 at 00:36
  • As it's a local MYSQL instance, at least tell us what `host` string you are using, that won't let any cats out of the bag – RiggsFolly Feb 09 '17 at 00:38
  • I am just learning, so thank you. The host string is mysql511.ixwebhosting.com. I did a script for login that is working using the same parameters. – Jamie Feb 09 '17 at 00:57
  • As @Fred-ii- spotted, you are connecting with the `MYSQLI_` extension and then attempting to use the `MYSQL_` extension to issue your queries. That I am afraid won't work. There is more to changing APIs than just changing the connect – RiggsFolly Feb 09 '17 at 13:28
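
Added example, not part of the original question or comments and not the asker's code: the lookup and update from the question done entirely through the `mysqli` connection, with prepared statements and `password_hash()` as the comments recommend. `mysql_query()` called without an open `mysql_` link tries to open a default local connection, which is where the socket error comes from. `reset_password()` is a hypothetical helper name, the table and column names are taken from the question, and the connection values are placeholders.

```php
<?php
// Added example. Table/column names (users, email, first_name, password)
// come from the question; connection values are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Looks up the account by email and stores a hash of a new random password.
 * Returns [first_name, new_password], or null if no account matches.
 * reset_password() is a hypothetical helper name.
 */
function reset_password(mysqli $conn, string $email): ?array
{
    // One parameterized query replaces the two string-built SELECTs.
    $stmt = $conn->prepare('SELECT first_name FROM users WHERE email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($firstName);
    $found = $stmt->fetch();   // true on a row, null when no row matched
    $stmt->close();
    if ($found !== true) {
        return null;
    }

    // CSPRNG output instead of md5(uniqid(rand())): 16 hex characters.
    $newPassword = bin2hex(random_bytes(8));
    // Salted, slow hash instead of md5(); the password column must be wide
    // enough for the result (the PHP manual recommends 255 characters).
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    $stmt = $conn->prepare('UPDATE users SET password = ? WHERE email = ?');
    $stmt->bind_param('ss', $hash, $email);
    $stmt->execute();
    $stmt->close();

    return [$firstName, $newPassword];
}

if (isset($_POST['submit'])) {
    $email = filter_var($_POST['remail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email !== false) {
        $conn = new mysqli('host', 'user', 'password', 'database'); // placeholders
        $result = reset_password($conn, $email);
        // Send the mail with $result[1] only after the UPDATE has succeeded.
    }
}
```

The login script then has to check passwords with `password_verify()`, because hashes produced by `password_hash()` cannot be compared against `md5()` output.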

0 Answers