how can i password protect my phpmyadmin??

php4om

how can i password protect my phpmyadmin and i want to install it on a remote server and want to use it for rest of the servers.
please help me.

mattsinclair

look up how to create a .htaccess file

Helios

I did it a different way. Someone can tell me if it isn't sound, but as long as no one knows my MySQL user info it has to be sound.

Regardless of how complicated this looks, it's really not and it's secure.

This works with cookies so if your browser doesn't support them then don't use this.

1] Install phpMyAdmin normally. I don't think it HAS to have the correct MySQL user info to be set up because it doesn't use it's own section of a database anymore.

2] Create a .htaccess file. Inside it, type
DirectoryIndex index.html

3] Create an index.html file in the phpMyAdmin folder. Inside this, type
<form action="index.php" method="post">
<input type="text" name="phpmyadminuser">
<br>
<input type="password" name="phpmyadminpass">
<br>
<input type="submit" name="submit">
</form>

4] Open index.php. You need to do some output buffering here, so at the very top insert this...

ob_start("callback");

if((setcookie('phpmyadminuser', $_POST['phpmyadminuser'])) &&
 (setcookie('phpmyadminpass', $_POST['phpmyadminpass'])))
{

and at the bottom insert this...

<?PHP

}
else
{
print"Bugger off";
}

ob_end_flush();

?>

5] Open config.inc.php

Find the appropriate lines (around line 75 to line 81, if you are using the latest version) and replace them with the lines below:

$cfg['Servers'][$i]['controluser']   = $_COOKIE['phpmyadminuser'];          // MySQL control user settings
                                                    // (this user must have read-only
$cfg['Servers'][$i]['controlpass']   = $_COOKIE['phpmyadminpass'];          // access to the "mysql/user"
                                                    // and "mysql/db" tables)
$cfg['Servers'][$i]['auth_type']     = 'config';    // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = $_COOKIE['phpmyadminuser'];      // MySQL user
$cfg['Servers'][$i]['password']      = $_COOKIE['phpmyadminpass'];          // MySQL password (only needed
                                                    // with 'config' auth_type)

Don't forget to test it out for any bugs, and have a friend try to crack it for you or something! You never know if you made a mistake.

Mobster

Not to bring this back from the dead but....

Will this work on older versions of phpMyAdmin?

config.inc.php,v 1.80.2.3

NogDog

Mobster;10885051 wrote:
Not to bring this back from the dead but....

Will this work on older versions of phpMyAdmin?

config.inc.php,v 1.80.2.3

Of course the first thing I'd suggest is that you upgrade to some reasonably recent version of phpMyAdmin.

Other than that, since I don't have immediate access to any 1.x version, all I can tell you is that I just use the following setting in my config file:

$cfg['Servers'][$i]['auth_type']     = 'http';      // Authentication method (config, http or cookie based)?
$cfg['Servers'][$i]['user']          = '';          // MySQL user
$cfg['Servers'][$i]['password']      = '';          // MySQL password (only needed
                                                    // with 'config' auth_type)

This prompts you for a HTTP User Authentication login where you can login with any defined MySQL user.

Mobster

Thanks for that.

I made a mistake on the first post.

The correct version is phpMyAdmin 2.2.7-pl1

I would have to change hosting because believe it or not, that is the only version that will work on this particular server. :rolleyes:

NogDog

Mobster;10885058 wrote:
Thanks for that.

I would have to change hosting because believe it or not, that is the only version that will work on this particular server. :rolleyes:

I suppose they only offer PHP4, too? If so, it's past time for them to either start getting up-to-date with PHP5, or for you to move to a new host. (There will be no more PHP4 releases, including security patches. Of course, if they're still running PHP4, there's a high probability they don't even have the latest version of it. :rolleyes: )