MyBB Community Forums

Hi to every single one of you,

I ventured into phpMyAdmin in order to have access and change a few things from inside the MyBB database

MySQL and MariaDB user is set and even with all privileges I get these errors now

[color=#000000][font=sans-serif][size=medium]mysqli::real_connect(): (HY000/1045): Access denied for user 'pma'@'localhost' (using password: YES)[/size] [/font][/color]

[color=#000000][font=sans-serif][size=medium]Connection for controluser as defined in your configuration failed.[/size][/font][/color]

I triple checked MariaDB config file, permissions and it should have full access to any database inside PhpMyAdmin and I am thinking that the issue is now there...

Have someone tripped on this also and found a fix...

If you could lend me a hand in this I would appreciate it
Jamie

If your MyBB instance is still working, get those credentials from your /inc/config.php.  Section on database configuration in there.

pma is a user likely created during creation of MySQL configuration storage. For internal phpMyadmin purposes.

Never use pma user. It doesn't work and it's a security hole. It's like if you runned your site as root user.
You must have a "real" user, or create it and use it.

(2023-04-24, 03:25 PM)Crazycat Wrote: [ -> ]Never use pma user. It doesn't work and it's a security hole. It's like if you runned your site as root user.
You must have a "real" user, or create it and use it.

Crazycat you may not believe it but all VPS was configured by a supposed specialist. That installed Ubuntu with an admin control panel other than cPanel and grabbed the forum from shared hosting to the VPS.

What you told me got me panicking! Yesterday I created the root user on MySQL over MariaDB and then I saw an article on how to really secure it. It was by then that I knew that using root was also a huge mistake and now you show me and explain to me in black in white why!

But still, I have PhpMyAdmin asking for a pma user that doesn't exist and I can't really get my hands on the database and do things like..... get columns name/date of birthday/email for e-newsletters. Remove everything from usernames that got deleted, since the posts and threads still remain there.

Using the data on the dB (username; email; date of birth) to call back users via a regular eNewsletter to show them reasons to come to the forum.

Doing this via database gives me the freedom to use any email service that better suits our needs and budget.

I do have a big problem that is connected with returning members. The lost password recovery page doesn't send any email to any user at all. This is the worse we can do!


What would you do, if you were me?

Thanks
Jamie

(2023-04-24, 10:24 PM)Jamie Wolf Wrote: [ -> ]

(2023-04-24, 03:25 PM)Crazycat Wrote: [ -> ]Never use pma user. It doesn't work and it's a security hole. It's like if you runned your site as root user.
You must have a "real" user, or create it and use it.

Crazycat you may not believe it but all VPS was configured by a supposed specialist. That installed Ubuntu with an admin control panel other than cPanel and grabbed the forum from shared hosting to the VPS.

What you told me got me panicking! Yesterday I created the root user on MySQL over MariaDB and then I saw an article on how to really secure it. It was by then that I knew that using root was also a huge mistake and now you show me and explain to me in black in white why!

But still, I have PhpMyAdmin asking for a pma user that doesn't exist and I can't really get my hands on the database and do things like..... get columns name/date of birthday/email for e-newsletters. Remove everything from usernames that got deleted, since the posts and threads still remain there.

Using the data on the dB (username; email; date of birth) to call back users via a regular eNewsletter to show them reasons to come to the forum.

Doing this via database gives me the freedom to use any email service that better suits our needs and budget.

I do have a big problem that is connected with returning members. The lost password recovery page doesn't send any email to any user at all. This is the worse we can do!


What would you do, if you were me?

Thanks
Jamie

Any update?