Access Denied

Hi,
My website is live on the internet if anybody has time to look at it, it is greatly appreciated. mickshotels.com. I am getting an error about undefined index and access denied, but I cannot find the root of the problem, because when I use a basic script to test the database connection and basic queries, everything works fine. Below is the code from the privacy policy page. The other thing I noticed is when you click view source, it gives my username and password to the database, which obviously seems like a major risk for me. Any help is greatly appreciated.

[code]<?php
require(“includes/z_db.php”);
require(“includes/session.php”);

$userid = $_SESSION[‘view_userid’];
$hotelname = $_REQUEST[‘hotel_name’];
$city = $_REQUEST[‘city’];

/* http://www.hydraxil-de.com/order_now.php /
/if (($_POST[‘search’]) || ($_POST[‘back_btn’])){/
/
$hotelname = $_POST[‘hotel_name’];
$city = $_POST[‘city’];/
// $venue = $_POST[‘venue’];
$get_city_id = mysql_fetch_array(mysql_query(“select id from city where title =’$city’”));
$res_cityid=$get_city_id[‘id’];
/
$get_location_type_id = mysql_fetch_array(mysql_query(“select id from location_type where (title like ‘%$venue%’)”));
$res_location_type_id=$get_location_type_id[‘id’];*/
if (($hotelname) && ($city))
$get_category = mysql_query("select distinct * from hotel where (title like ‘%$hotelname%’) and (city_id =’$res_cityid’) ");
else if ($hotelname)
$get_category = mysql_query("select distinct * from hotel where (title like ‘%$hotelname%’) ");
else if ($city)
$get_category = mysql_query("select distinct * from hotel where (city_id =’$res_cityid’) ");

	/*$get_category =  mysql_query("select distinct * from hotel where (city_id in (select city_id from location where location_type_id = '$res_location_type_id')) and (city_id ='$res_cityid') ");	*/

/}/
?>

Hotel Deals, Cheap Hotels, Worldwide Hotels
    <div id="search_top">
    <form name="search_form" action="land.php" method="post">
            <table>
               <tr>
                 <td> Enter Hotel Name:<?  echo $hotelname; ?></td>
                  <td> Enter City: <?  echo $city; ?></td>
                
               </tr>
               <tr>
                 <td><input name="hotel_name"  type="text"  value="<? echo $hotelname; ?>"/></td>
                 <td><input name="city"  type="text"  value="<? echo $city; ?>"/></td>
                 </tr>
                 <td><input name="search"  type="submit"  value="Search" /></td>
                 <td></td>
               </tr> 

               
              </table>
                    
   </form>
    </div>
    </div>

PRIVACY POLICY

<? $no_rows = mysql_num_rows($get_category); ?>
 <?
 while($row = mysql_fetch_assoc($get_category)) { ?>
<? } ?>
This Privacy Policy governs the manner in which mickshotels.com collects, uses, maintains and discloses information collected from users (each, a "User") of the www.mickshotels.com website ("Site"). This privacy policy applies to the Site and all products and services offered by mickshotels.com.

Personal identification information

We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, place an order, subscribe to the newsletter, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, credit card information. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web browser cookies

Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

mickshotels.com may collect and use Users personal information for the following purposes:

- To improve customer service
Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To process payments
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To share your information with third parties
We may share or sell information with third parties for marketing or other purposes.
- To send periodic emails
We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests. If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We may use third party service providers to help us operate our business and the Site or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your permission.

Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

Advertising

Ads appearing on our site may be delivered to Users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile non personal identification information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you. This privacy policy does not cover the use of cookies by any advertisers.

Google Adsense

Some of the ads may be served by Google. Google's use of the DART cookie enables it to serve ads to Users based on their visit to our Site and other sites on the Internet. DART uses "non personally identifiable information" and does NOT track personal information about you, such as your name, email address, physical address, etc. You may opt out of the use of the DART cookie by visiting the Google ad and content network privacy policy at http://www.google.com/privacy_ads.html

Changes to this privacy policy

mickshotels.com has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:
mickshotels.com
www.mickshotels.com
613-558-9338
[email protected]

This document was last updated on December 18, 2012

Privacy policy created by http://www.generateprivacypolicy.com

@2012 MicksHotels.com. Privacy | Terms and Conditions | Contact Us

[/code]

Please supply the actual error messages.

I went to the users website and below are the error message it shows, after performing a search.

Notice: Undefined index: view_userid in C:\inetpub\wwwroot\mickshotels\land.php on line 4

Warning: mysql_query(): Access denied for user ‘’@‘localhost’ (using password: NO) in C:\inetpub\wwwroot\mickshotels\land.php on line 13

Warning: mysql_query(): A link to the server could not be established in C:\inetpub\wwwroot\mickshotels\land.php on line 13

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\inetpub\wwwroot\mickshotels\land.php on line 13

Warning: mysql_query(): Access denied for user ‘’@‘localhost’ (using password: NO) in C:\inetpub\wwwroot\mickshotels\land.php on line 18

Warning: mysql_query(): A link to the server could not be established in C:\inetpub\wwwroot\mickshotels\land.php on line 18

It would be helpful to see the code in these 2 files…

require(“includes/z_db.php”);
require(“includes/session.php”);

You can replace usernames and passwords with xxxxx’s

Okay that error was simple, it’s because here was no <?php at the beginning. But now it’s still not giving me search results. Any ideas? Don’t worry about seeing pictures, I haven’t set up the pictures folder yet. The search fields are showing the query.

[code]<?

error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);

$dbservertype=‘mysql’;
$servername=‘localhost’;
// username and password to log onto db server
$dbusername=‘xxxx’;
$dbpassword=‘xxxxx’;
// name of database
$dbname=‘mickshotels’;
global $link;
$link=mysql_connect($servername,$dbusername,$dbpassword);
if(!$link){die(“Could not connect to MySQL”);}
mysql_select_db("$dbname",$link) or die (“could not open db”.mysql_error());

/*
connecttodb($servername,$dbname,$dbusername,$dbpassword);

function connecttodb($servername,$dbname,$dbuser,$dbpassword)
{
global $link;
$link=mysql_connect ($servername","$dbuser","$dbpassword);
if(!$link){die(“Could not connect to MySQL”);}
mysql_select_db("$dbname",$link) or die (“could not open db”.mysql_error());
}*/
?>[/code]

[code]<?php
session_start();
//session_register(“session”);

?>[/code]

The account your using the query the database does not have permissions in the database for the local server. so basically once you change the accounts permissions to localhost or % it should work.

Hi Andrew,
I checked the permissions for the username on the users table in Phpmyadmin and all access is granted for “root@localhost.” But it looks like the script is not trying to use that account see the error where it says:

“Warning: mysql_query(): Access denied for user ‘’@‘localhost’ (using password: NO).” Any idea why there is no username before “@localhost.”

Am I looking in the wrong place. By the way, when I use a basic script on the same website, I am able to pull up results. For example, if I use this testpage on the live site:

[code]<?php
$username = “root”;
$password = “xxxxx”;
$hostname = “localhost”;

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die(“Unable to connect to MySQL”);
echo “Connected to MySQL
”;

//select a database to work with
$selected = mysql_select_db(“mickshotels”,$dbhandle)
or die(“Could not select examples”);

//execute the SQL query and return records
$result = mysql_query(“SELECT title FROM hotel”);

//fetch tha data from the database
while ($row = mysql_fetch_array($result)) {
echo “Title:”.$row{‘title’}."
";
}
//close the connection
mysql_close($dbhandle);
?>

Untitled 1 [/code]

Any help is greatly appreciated.

Micheel3000

Actually it isn’t using the password either (using password: no). I’m not sure why, your syntax seem to be correct. Sure this is the right connection?

It might be a push in the direction of updating your code ^^ You should seriously consider changing to PDO / mysqli.

[php]<?php
$link = mysql_connect(‘localhost’, ‘mysql_user’, ‘mysql_password’);
if (!$link) {
die('Could not connect: ’ . mysql_error());
}
echo ‘Connected successfully’;
mysql_close($link);
?>[/php]

Create another PHP page and paste in the above code with your database information. One way or another you will know if your connection information is correct once you have the information correct the we can trouble shoot your code.

Thanks for your comment, I plugged in the connection page and it gave me a connection successful response on the server.

After looking at your code…

You’re short-cutting <?php with <? in various spots…

I think you need to set some property in you INI to shortcut php opening tags. The Guru’s here can correct me.

But that’s why nothing is displaying for you, I can see it in your HTML source on your website below.

[php]







<!–? echo $row[‘address’];
$cityid = $row[‘city_id’];
$countryid = $row[‘country_code’];
$get_city = mysql_fetch_array(mysql_query(“select title from city where id =’$cityid’”));

  $get_country = mysql_fetch_array(mysql_query("select title from country where code ='$countryid'"));
 ?-->
 
<br> <!--? echo $get_city['title']; ?-->
<br> <!--? echo $get_country['title']; ?-->
  <br>

<a href="details.php?hotelid=&lt;? echo $row['id'];?&gt;&amp;&amp;hotel_name=&lt;? echo $hotelname; ?&gt;&amp;&amp;city=&lt;? echo $city; ?&gt;">Click here to view details</a></p>
[/php]

It’s called Short Open Tags…

http://php.net/manual/en/ini.core.php

You probably have it turned off, but you really shouldn’t use that. You should define it as <?php not <?

Topcoder is right, you should not use short tags.

Just fyi there’s a difference between short tags and short echo’s, which are/will not be affected by disabling short tags. These are great for templates and should be safe to use.
[php]


Some html stuff
<?= $urlText ?>
[/php]

Thank you for your help,
I tried changing the short tags option it in the php.ini file, but that didn’t seem to do anything, so I just went through and manually changed the code, and the site is fully functional now. Thanks for all your help.

Sponsor our Newsletter | Privacy Policy | Terms of Service