1

I'm working on getting the client to login to mysql without them entering the user / password combination. I can't use the option to update the main mysql password in config.inc.php as I have multiple user accounts and each with their own grant privileges.

Can someone get me in the right way to get this done?

I've read somewhere here on stackoverflow that its possible to post data to the form directly, however, just when I started to try testing it from CURL (just testing), I then noticed it also has a token which changes I guess ...

So could someone let me know if its possible and how this is done? Think of cPanel and their auto-login feature to phpmyadmin using the master mysql account.

Thank you and I hope someone can help here, I really could not find anything useful on the internet ...

Kind regards

Vasile-Bogdan Raica
  • 71
  • 3
  • 9

3 Answers3

2

Two ideas come to mind (in addition to the very good suggestion mentioned by Julien R about letting the browser remember the username and password).

Using the information found here, you could craft a custom (bookmarkable, even) URL like http://example.com/phpmyadmin/index.php?pma_username=foo&pma_password=bar. The problem, as is probably immediately obvious, is placing the password in plain text in your request.

The second option I see is to create a custom login script with the "signon" auth_type (see the examples subdirectory for help creating this). That way you can provide your own single sign-on type authentication and pass along the MySQL username and password to phpMyAdmin rather transparently to the user.

Isaac Bennetch
  • 11,830
  • 2
  • 32
  • 43
  • signon was indeed what I was looking for. Thank you. – Vasile-Bogdan Raica Jun 29 '14 at 10:59
  • For whoever wants to use the first option. HTTPS connection encrypts the url parameters. the only "public" part is server name as explained in this question: https://stackoverflow.com/questions/499591/are-https-urls-encrypted which makes the first option safe if you use https connection – Kyborek Mar 20 '19 at 12:47
  • Using HTTPS does not make the first option safe to use. The password is still leaked in a number of places, ie, the browser history, the http server access log file, referer headers and any other network devices that may log the request, such as proxy servers. submitting a password in a get request is a no-no, regardless if the request is encrypted or not. – Joao Costa Mar 25 '19 at 09:46
  • Support for using the pma_username and pma_password parameters was removed in phpMyAdmin 4.9.0 https://docs.phpmyadmin.net/en/latest/faq.html#which-parameters-can-i-use-in-the-url-that-starts-phpmyadmin – Kyborek Mar 18 '20 at 09:16
  • Kindly explain how does the sign on work its what I need I just don't know how to get started – joseph emmanuel Apr 06 '20 at 03:03
0

As an alternative you could use a browser extension which automatically fills the login form with the user info.

Of course, you will have to manually fill the info at least once per user.

Julien R
  • 406
  • 3
  • 13
  • Need something to log them automatically, so unfortunately not a solution. Also I would plainly give the public the user/password if I got what you said right. Sorry, but no. – Vasile-Bogdan Raica Jun 25 '14 at 13:24
-1

Just rename config.inc.php to config.inc----.php

Mark Rotteveel
  • 100,966
  • 191
  • 140
  • 197
Syam Mohan M P
  • 1,047
  • 8
  • 23
  • Could you explain / elaborate more... I tried doing this but not sure what changed.... token's still there. – Vasile-Bogdan Raica Jun 25 '14 at 13:22
  • do you have an access to phpMyAdmin Application folder ? – Syam Mohan M P Jun 25 '14 at 13:33
  • You just go to the phpMyAdmin application folder. then you can see the file named as config.inc.php. You just rename that file to any other name or delete it. Then call URL in browser , you can see the login box of phpMyAdmin – Syam Mohan M P Jun 25 '14 at 13:38
  • Well I'm trying to get them logged int automatically instead, not showing them the login box. Maybe I'm not understanding what you mean, but I don't see this helping. – Vasile-Bogdan Raica Jun 25 '14 at 14:37