Hello, I made an easy script to protect your database ;)
I made this script for users who don't know how to make a database safe, or who are lazy and need a script for it! The add-on script has a very easy config. :)
How does the script work?
- Deletes unnecessary accounts (by default: root@%, pma@%, pma@localhost) - you can add more (but these are the default accounts)
- Changes the password (auto-generated, hard) for account root@localhost (you can add more accounts, but this is the one default)
- The script file deletes itself automatically when the security changes are done.
How do you run the script?
- Make any file (e.g. safedb.php) in your htdocs folder
- Run this script (e.g. http://localhost/safedb.php)
- Save the new password for the root account (from the displayed log)
Why does it protect?
Because no one can log in to your phpMyAdmin: the default accounts root@% and both PMA accounts are deleted, and root@localhost has a very hard password.
SCRIPT:
PHP:
<?php
// Make Your Database Safe! //
// Version 2.0 - by Ersiu[Azi] //
$config = array(
    "dbHost" => "localhost",
    "dbUser" => "root",
    "dbPass" => "",
    // Accounts to remove, as array(user, host).
    "deleteUsers" => array(
        array("root", "%"),
        array("pma", "localhost"),
        array("pma", "%"),
    ),
    // Accounts that get a new password, as array(user, host, new password).
    "changePassword" => array(
        array("root", "localhost", generatePassword()),
    )
);
error_reporting(0);
// Make mysqli calls return false on failure instead of throwing (the PHP 8.1+ default).
mysqli_report(MYSQLI_REPORT_OFF);

// Build a random password from the character ranges below (ASCII codes).
function generatePassword($length=10){
    $chars = array(
        array(48, 57), // numbers
        array(65, 90), // upper case letters
        array(97,122), // lower case letters
        #array(33, 43) // special chars
    );
    $password = "";
    // Start at 0 so the password really has $length characters.
    for($i=0; $i<$length; $i++){
        // random_int() draws from the system CSPRNG; rand() is predictable.
        $charset = random_int(0, count($chars)-1);
        $password .= chr(random_int($chars[$charset][0], $chars[$charset][1]));
    }
    return $password;
}

// Drop every account in $accounts; returns one log line per account.
function deleteDBUsers($connection, $accounts = array()){
    $returns = array();
    if(count($accounts)>0){
        foreach($accounts as $account){
            $user = mysqli_real_escape_string($connection, $account[0]);
            $host = mysqli_real_escape_string($connection, $account[1]);
            // The log is printed as HTML, so escape it for HTML rather than for SQL.
            $label = htmlspecialchars("\"".$account[0]."\"@\"".$account[1]."\"");
            if(mysqli_query($connection, "DROP USER '".$user."'@'".$host."';")){
                $returns[] = $label." - account has been deleted.!";
            }else{
                $returns[] = $label." - account has not been deleted.!";
            }
        }
    }else{
        $returns[] = "No delete accounts list set.";
    }
    return $returns;
}

// Set a new password for every account in $accounts; returns one log line per account.
function changeDBUserPass($connection, $accounts){
    $returns = array();
    if(count($accounts)>0){
        foreach($accounts as $account){
            $user = mysqli_real_escape_string($connection, $account[0]);
            $host = mysqli_real_escape_string($connection, $account[1]);
            $pass = mysqli_real_escape_string($connection, $account[2]);
            $label = htmlspecialchars("\"".$account[0]."\"@\"".$account[1]."\"");
            // PASSWORD() exists on MariaDB and on MySQL up to 5.7; MySQL 8.0 removed it
            // (use ALTER USER ... IDENTIFIED BY '...' there).
            if(mysqli_query($connection, "SET PASSWORD FOR '".$user."'@'".$host."' = PASSWORD( '".$pass."' )")){
                $returns[] = $label." - User Password has been changed for <B>\"".htmlspecialchars($account[2])."\"</B>.!";
            }else{
                $returns[] = $label." - User Password has not been changed.!";
            }
        }
    }else{
        $returns[] = "No change password accounts list set.";
    }
    return $returns;
}

$connection = mysqli_connect($config["dbHost"], $config["dbUser"], $config["dbPass"]);
if($connection){
    foreach(deleteDBUsers($connection, $config["deleteUsers"]) as $line){
        echo $line."<BR>";
    }
    foreach(changeDBUserPass($connection, $config["changePassword"]) as $line){
        echo $line."<BR>";
    }
    mysqli_close($connection);
}else{
    echo "Cannot connect to MySQL Database.";
}
// Remove this file so it cannot be requested again.
unlink($_SERVER["SCRIPT_FILENAME"]);
?>
Thanks!
Yours, Azi (ersiu).
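
A follow-up check for the steps described in the post, as an added example that is not part of the original script: it lists accounts that are still on the default delete list, are anonymous, or use a wildcard host. The function names, the constructed sample rows and the password placeholder are assumptions made for this example.

```php
<?php
// Added example, not part of the original post; all function names are hypothetical.

// Accounts the script above removes by default.
const DEFAULT_ACCOUNTS = [['root', '%'], ['pma', 'localhost'], ['pma', '%']];

// Return the reasons one account row deserves attention (empty array = none).
function auditAccount(string $user, string $host): array
{
    $findings = [];
    if (in_array([$user, $host], DEFAULT_ACCOUNTS, true)) {
        $findings[] = 'default account still present';
    }
    if ($user === '') {
        $findings[] = 'anonymous account';
    }
    if (strpos($host, '%') !== false) {
        $findings[] = 'wildcard host: login accepted from any matching remote host';
    }
    return $findings;
}

// Read every account from a live server (needs SELECT on mysql.user).
function fetchAccounts(mysqli $db): array
{
    $result = mysqli_query($db, 'SELECT User, Host FROM mysql.user');
    return $result ? mysqli_fetch_all($result, MYSQLI_NUM) : [];
}

// Build a report "'user'@'host'" => findings, containing only flagged accounts.
function auditAccounts(array $rows): array
{
    $report = [];
    foreach ($rows as [$user, $host]) {
        $findings = auditAccount((string)$user, (string)$host);
        if ($findings) {
            $report["'$user'@'$host'"] = $findings;
        }
    }
    return $report;
}

// Constructed sample rows, so the example runs without a database.
$rows = [['root', 'localhost'], ['root', '%'], ['', 'localhost'], ['pma', 'localhost']];
// Live server: $rows = fetchAccounts(mysqli_connect('localhost', 'root', 'NEW-PASSWORD-HERE'));

foreach (auditAccounts($rows) as $account => $findings) {
    echo $account, ': ', implode('; ', $findings), PHP_EOL;
}
```

Run it from the command line (`php audit.php`) rather than from htdocs, so the account list is never served over HTTP.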