PHP 5.4 PDO could not connect to MySQL 4.1+ using the old insecure authentication

mysql php pdo

I know there are a tonne of similar questions, in fact I've read all (9) of them.

However, none of them solve my problem.

I have a shared-hosting package (the minimum). What's included in my package is the domain name, and a separate IP address where the MySQL server is hosted. For development, I'm using http://localhost/ with PHP 5.4's development server, and I'm using the MySQL server I get in my hosting package.

The problem arises only on my PC, because I have installed PHP 5.4, but my web host has installed PHP 5.2.17 and won't upgrade. The MySQL server is on MySQL 5.1.50.

Luckily, phpMyAdmin has a built-in "Change Password" feature.

There are two hashing options in phpMyAdmin for changing a password:

  • MySQL 4.1+
  • MySQL 4.0 compatible

I changed the password with the MySQL 4.1+ option, and it confirmed the update was successful.

The profile has been updated. SET PASSWORD = PASSWORD( '***' )

However, when I perform this query:

SELECT @@global.old_passwords, @@session.old_passwords, Length(PASSWORD('abc'));

It tells me the password length is still 16. Output:

1     1     16

And so the problem persists.

Could not connect to database. SQLSTATE[HY000] [2000] mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file

I've also tried to do these queries, when logged in with the DBO user in phpMyAdmin:

SET SESSION old_passwords=0; 
[phpMyAdmin reloads to the home screen, but the value remains = 1]

SET GLOBAL old_passwords = 0;
#1227 - Access denied; you need the SUPER privilege for this operation

FLUSH PRIVILEGES;
#1227 - Access denied; you need the RELOAD privilege for this operation

This is contradictory to what is stated in the webhost's menu for setting the DBO user:

Database Owner
When you create a new database, you need to specify a Database Owner (DBO) User, which will have
full administrator access to the database.

Is this something I have to take up with my webhosts? Or can it be solved by my DBO user? Otherwise can this be bypassed in PHP? (since it works with PHP 5.2.17 but not PHP 5.4)


Solution 1:

SOLVED!

Although the SET SESSION old_passwords=0; wasn't working in phpMyAdmin.

I downloaded the MySQL GUI Tools and used the MySQL Query Browser to execute the same command on non-DBO user:

SET SESSION old_passwords = 0;

SELECT @@global.old_passwords, @@session.old_passwords, Length(PASSWORD('abc'));

now returned:

1      0      41

So I simply changed the password:

SET PASSWORD = PASSWORD('my_old_password')

And now PHP 5.4 PDO connects to the database with that user!

Solution 2:

In phpMyAdmin, setting the session variable will work, but the call to the password function must occur in the same session/execution.

For example, if I execute:

SET SESSION old_passwords = 0;
SET PASSWORD = PASSWORD('notagoodpassword');

It will correctly set it.

Related

Handling end process of a windows app
C++ streams confusion: istreambuf_iterator vs istream_iterator?
Entitymanager.flush() VS EntityManager.getTransaction().commit - What should I prefer?
Suppress and ignore output for Makefile?
Long imports in Python
Running Groovy script from the command line
What's the difference between lineSpacingExtra and lineSpacingMultiplier?
How to generate statically linked executables?
Autofill populating wrong fields
Correct Type annotation for __init__
Why is .NET exception not caught by try/catch block?
How to gracefully shutdown emacs daemon? [closed]