Reputation: 1016
I can connect to the database in a console app but I cannot in a fastcgi version of that
I am making a program to store customer info in a database. I am using mariadb's c++ client mariadbpp. Because I am a newbie in the networking world, I first made a console app which worked. I then tried to make a fastcgi version of that app.
This is the code:
#include <fastcgi++/request.hpp>
#include <fastcgi++/manager.hpp>
//for json
#include <nlohmann/json.hpp>
//for database connection
#include <mariadb++/account.hpp>
#include <mariadb++/connection.hpp>
//for (cryptogrphic) password hashing
//#include <bcrypt/BCrypt.hpp>
//to get mariadb's password
#include <fstream>
class AddUser : public Fastcgipp::Request<char>
{
bool response(){
out << "Content-Type: application/json; charset=utf-8\r\n\r\n";
nlohmann::json json;
//iterators declared in order to check if the required variables are given
auto it_name = environment().gets.find("name"),
it_address = environment().gets.find("address"),
it_phoneNumber = environment().gets.find("phoneNumber"),
it_password = environment().gets.find("password");
/**
* Returning in case of an error because the following checks are preconditions and it
* does not make sense to continue processing if these are not met
*/
if(it_name == environment().gets.end() || it_address == environment().gets.end() ||
it_phoneNumber == environment().gets.end() || it_password == environment().gets.end()){
//give an error if anything is missing
json["error"] = "Unkown parameters";
out << json;
return true;
}
//otherwise get the name, address, etc
std::string name = it_name->second,
address = it_address->second,
phoneNumber = it_phoneNumber->second,
password = it_password->second;
//check if the phone number is 10 digits long
if(phoneNumber.size() != 10){
json["error"] = "Invalid phoneNumber";
out << json;
return true;
}
//check if the phone number only contains digits and not letters
for(const char c : phoneNumber){
if(c < '0' && c > '9'){
json["error"] = "Invalid phoneNumber";
out << json;
return true;
}
}
//get the password
std::ifstream file("/home/Hemil/add-user.txt");
std::string acc_password;
std::getline(file, acc_password);
mariadb::account_ref acc = mariadb::account::create("localhost", "add-user", acc_password, "Customers");
mariadb::connection_ref con = mariadb::connection::create(acc);
/**
//input the credentials into the database
mariadb::statement_ref smt = con->create_statement("insert into Info(Name, Address, PhoneNumber, Password) values(?, ?, ?, ?)");
smt->set_string(0, name);
smt->set_string(1, address);
smt->set_string(2, phoneNumber);
//to hash the password
//BCrypt bcrypt;
//smt->set_string(3, bcrypt.generateHash(password));
smt->set_string(3, password);
/**
* Not returning in case of an error because these are errors on our side.
*/
/**
//execute returns the number of rows affected which should be one because we inserted one row
if(smt->execute() == 1){
//get the customer id
auto getCustomerId = con->create_statement("select LAST_INSERT_ID()");
auto result = getCustomerId->query();
if(result->next()){
uint64_t CustomerId = result->get_unsigned64(0);
json["error"] = nullptr;
json["CustomerID"] = CustomerId;
} else {
json["error"] = "Could not get the Customer ID";
}
} else {
json["error"] = "Could not insert into table";
}
*/
out << json;
return true;
}
};
int main(){
Fastcgipp::Manager<AddUser> manager;
manager.setupSignals();
manager.listen();
manager.start();
manager.join();
}
There is a weird problem. In the current situation (with the insert commented out), it works giving no error outputting null as it should because nlohnamnn::json it never assigned (null be default). If I un-comment that insert, I get the 500 internal server error. This is the error_log:
MariaDB Error(1045): Access denied for user 'add-user'@'localhost' (using password: NO)
In function: connect
In file /home/Hemil/Downloads/mariadbpp/src/connection.cpp
On line 109
terminate called after throwing an instance of 'mariadb::exception::connection'
what(): Access denied for user 'add-user'@'localhost' (using password: NO)
[Thu Mar 14 11:08:38.209250 2019] [fcgid:warn] [pid 8302:tid 139977899874048] [client 127.0.0.1:42144] mod_fcgid: error reading data, FastCGI server closed connection
[Thu Mar 14 11:08:38.209375 2019] [core:error] [pid 8302:tid 139977899874048] [client 127.0.0.1:42144] End of script output before headers: add-user.fcg
[Thu Mar 14 11:08:40.937823 2019] [fcgid:error] [pid 8300:tid 139978589235456] mod_fcgid: process /var/www/cgi-bin/add-user.fcg(8517) exit(communication error), get signal 6, possible coredump generated
The funny thing is I am using the password.
I had disabled database access from network. I believe this is due to the fact that Mariadb is counting localhost as a remote request which is disabled.
P.S: I know its not a good idea to pass password throught GET. I should be using Post. I will change it.
Upvotes: 0
Views: 66
Answers (1)
Reputation: 1016
There is something weird. I found out that I was unable to get the password from the file. Password was a null string. That's how MariaDB complained that the password was not used. I verified this by putting the password in the create method and it works.
But putting the password in the binary is not a good security practice so, I am on the hunt for why I am not able to open the file.
Upvotes: 0
Related Questions
- Can't connect Node.js to remote database MariaDB
- Cant Connect through Socket Access Denied on mariadb 10.6
- not allowed to connect to this MariaDB server in php
- Problems connecting to MariaDB using the Python mysql.connector
- MARIADB - Python Connection Issue
- Error connecting PHP to MariaDB database
- Can't connect Mariadb from remote client
- Cannot connect remotelly to a mariadb server
- can't connect to mariadb properly
- Trying to connect to a MariaDB database in google-cloud but cant connect nor show any error report