-2

I got an error like this

Fatal error: Uncaught PDOException: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) in C:\xampp\htdocs\qrcode\dbcon.php:5 Stack trace: #0 C:\xampp\htdocs\qrcode\dbcon.php(5): PDO->__construct('mysql:host=loca...', 'root', 'Emiloi21') #1 C:\xampp\htdocs\qrcode\login.php(3): include('C:\xampp\htdocs...') #2 {main} thrown in C:\xampp\htdocs\qrcode\dbcon.php on line 5

the dbcon.php code is

; <?php

date_default_timezone_set('Asia/Manila');

$conn = new PDO('mysql:host=localhost;dbname=qrCodeGen', 'root', '---');
 
?>

the login.php code is

; <?php

    include('dbcon.php');
    
    session_start();
    
    $username = $_POST['username'];
    $password = $_POST['password'];
    
    $safe_pass=md5($password);
    $salt="a1Bz20ydqelm8m1wql";
    $final_pass=$salt.$safe_pass;
    
    /* student */
        $query = $conn->query("SELECT * FROM useraccounts WHERE username='$username' AND password='$final_pass'");
        $row = $query->fetch();
        $num_row = $query->rowcount();
    if( $num_row > 0 ) { 
      

    $_SESSION['useraccess']=$row['access'];
    $_SESSION['id']=$row['user_id'];


    if($row['access']==='Administrator'){ ?>
    
        <script>window.location = 'home.php';</script>
       
       <?php }else{ ?>
       
       <script>window.location = 'home.php';</script>
       
<?php } }else{ ?>

       <script>
       window.alert("User not found...")
       window.location = 'index.php';
       </script>
       
<?php } ?>

Please help.

Raptor
  • 53,206
  • 45
  • 230
  • 366
Sans Kuri
  • 7
  • 1
  • 3
    **WARNING**: Writing an access control layer is not easy and there are many opportunities to get it severely wrong. Any modern [development framework](https://www.cloudways.com/blog/best-php-frameworks/) like [Laravel](http://laravel.com/) comes with an [authentication system](https://laravel.com/docs/master/authentication) built-in. At the absolute least follow [recommended security best practices](http://www.phptherightway.com/#security) and **never store passwords as plain-text** or a weak hash like **SHA1 or MD5**. – tadman Oct 13 '22 at 03:52
  • PLEASE do NOT post your mysql root password (Xmiloi2x) in your question. Thx – Ken Lee Oct 13 '22 at 03:52
  • 2
    **WARNING**: When using PDO you should be using [prepared statements](http://php.net/manual/en/pdo.prepared-statements.php) with placeholder values and supply any user data as separate arguments. In this code you have potentially severe [SQL injection bugs](http://bobby-tables.com/). Never use string interpolation or concatenation and instead use [prepared statements](http://php.net/manual/en/pdo.prepared-statements.php) and never put `$_POST`, `$_GET` or any user data directly in your query. Refer to [PHP The Right Way](http://www.phptherightway.com/) for general guidance and advice. – tadman Oct 13 '22 at 03:53
  • 1
    Don't use root to login from your Web app in the first place. That's the admin account, it's a security risk to use it here. Make a separate sql login with just the permissions your application actually needs, and make it use that – ADyson Oct 13 '22 at 06:15

1 Answers1

2

Not related to the login script, this means your server cannot connect to the database because of wrong credentials. This would be where PHP is trying to establish a connection with the database, the password is probably wrong

andriusain
  • 1,211
  • 10
  • 18