1

This is wat needs to happen:


I need to get user information out a MySql database.

But i don't want to insert the password of my database in the php file. Because that file won't be hosted on my own server. Nobody must see that password when they access the server by ftp and edit the php file.

My first solution that didn't work was opening a php file from my own host and reading the output (i made a script that connects to the database and outputs a long string) and converted the output to an array by splitting the values. This did not work because of security reasons in php.

I can't create a extra account for my database that has read-only access because my host won't allow me. (hostinger.co.uk)

I also thought about using a iFrame and load the file on my host. And read it using javascript to read it. But again, security won't allow me to edit it.

Does someone know a way to fix this?

Improve this question
27
  • 1
    API api api api api echos Commented May 24, 2016 at 1:51
  • You could create code on your site that retrieves the data and then sends it to your buddies server. If you did that, you'd have to make an efficient API to communicate between the two. I am assuming that this is what Darren meant as well, though if you meant something else Darren, correct me brozki :) Commented May 24, 2016 at 1:52
  • I'm actually working with pheanstalk currently, a queue system that uses TCP to communicate to servers via a port. This could be useful for your situation if you decide to take the API route. Commented May 24, 2016 at 1:54
  • wait... that doesn't make sense though, your host wont let you create another username? When you go into phpMyAdmin, you should be able to create another username. I don't see a reason for you to only be limited to one even if your account is "shared hosting" Commented May 24, 2016 at 2:02
  • @Webeng i contacted the support service of my host, and they told me i can't. When i create a database, i can only create 1 user. Even inside phpMyAdmin i can't create a user. It's super weird. Commented May 24, 2016 at 2:14

1 Answer 1

Reset to default
0

OPTION 1:

Since you want to make sure your buddies server doesn't have access to the MySQL server info (username, password, etc), your safest bet is to connect to the database from your server, and just communicate between the two servers what needs to be retrieved.

As Darren mentioned in the comments, an API would do this just fine. Since there are a lot of open source libraries out there that can get the job done, I will recommend you one: pheanstalk

pheanstalk is a php client that works on top of the beanstalk library, which is basically a queue.

You could set up a queue on each server, and configure the communication to happen between the 2 servers. Then you would have worker.php scripts running every second (or 10 seconds or however so often you like) looking for commands being sent from 1 server, taking those commands in, processing them, and sending back the information to the main computer.

OPTION 2:

Instead of accessing your database, you can create a copy of yours, and have his server contain a copy.

Key points of option 2:

If his server isn't capable of carrying a full fledged MySQL database, there is MySQLi, which is very similar, but the only difference is that it is basically a file that you keep in your server. That is the benefit since it is LIGHT (hence the "i" from MySQLi). The downside is that the database isn't as "powerful", some operations might be limited, though that is to be expected, but good none the less.

If your friend has a database however, then better yet since it will have all the capabilities.

Now since I am assuming you would need to keep their copy of your database up-to-date, you can create a function that would send a request to your buddies server on what was updated. This is an API since it is intercommunication between processes behind the scenes, but probably wouldn't need any root access as some other API's might require.

Though the hastle here is that you would literally have to call that function every time you do any updates... :(

Edited:

OPTION 3

After talking a bit with the OP in the comments, another possibility came up. In his particular case, he might be willing to have a file in a public directory available for his buddies user to read. For example, lets say his file was located in:

http://www.example.com/hiddenfiles/dfjios4wr238#@.txt

To access what is inside that file, you would have to know the name (and the name was specifically designed to work as a password, hence even though the information isn't sensative for the OP's specific situation, it's always best practice to stay consistent and think safe xD).

To access the file, the following could be done:

$path = 'http://www.example.com/hiddenfiles/dfjios4wr238#@.txt';
$fileHandle = fopen($path, "r");
while ($line = fgets($fileHandle))
{
  echo "--> {$line}";
}
fclose();
Improve this answer
Sign up to request clarification or add additional context in comments.

10 Comments

Thanks for your reaction! In my case i think it won't work because i have zero-access to my root :( but maybe is this the perfect solution for someone else :) o btw, i'm already using MySQLi for getting data out of my database.. is that a bad thing? haha
I have only 1 problem with the third option, if i use your code and use a file that is hosted on the same server everything works perfect. But when i upload the txt file on a other host the page takes minutes to load and won't output anything. Is there a way to fix this?
Yes there is. Make a copy of that file in your friends site somewhere, and have it updated every... 1 minute or 10 minutes or whatever with a cron job
That way, you only modify the file if it needs updating, and your friends site is the one that has to worry about checking the file periodically, not yours.
@ProMike360 a cron job is easy to make too, good tutorials on youtube
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.