0

OK so I have a a PHP file that sends data to the Database and therefore has the username and password etc hard coded into the file.

I am not comfortable with this as I beleive there is a security risk.

Is there anyway I can pull these credentials from somewhere else? maybe using some sort of variable etc

here is how the details are stored:

$ct_host = ($_SERVER['SERVER_NAME'] === 'localhost') ? 'localhost' : 'localhost';
$ct_username = ($_SERVER['SERVER_NAME'] === 'localhost') ? 'root' : 'username';
$ct_password = ($_SERVER['SERVER_NAME'] === 'localhost') ? 'pass' : 'password';
$ct_database = ($_SERVER['SERVER_NAME'] === 'localhost') ? 'phpdevel' : 'databasename';
asked Dec 10, 2015 at 11:26
8
  • I'm voting to close this question as off-topic because it's not about Magento Commented Dec 10, 2015 at 11:30
  • 1
    It sounds more like a random script. You would probably get a more useful response on either stackoverflow or security.stackexchange.com. Specially the last one is founded for security questions Commented Dec 10, 2015 at 11:32
  • 1
    Just read the contents of the local.xml file? $xml = simplexml_load_file('app/etc/local.xml'); Commented Dec 10, 2015 at 11:34
  • I understand where you're coming from but the script is in Magento head and wanted some help regarding pulling a variable like you would with price etc, if that is even possible Commented Dec 10, 2015 at 11:35
  • Ahh ok, in that case might I suggest posting the file path and part of the magento file code to your question to make it more clear what you want to do? Commented Dec 10, 2015 at 11:36

1 Answer 1

1

If you want the standard Magento database credentials you can use the following

$config = Mage::getConfig()->getResourceConnectionConfig("default_setup");
$config->host,
$config->username,
$config->password,
$config->dbname

or

$host = (string)Mage::getConfig()->getNode('global/resources/default_setup/connection/host');
$username = (string)Mage::getConfig()->getNode('global/resources/default_setup/connection/username');
$password = (string)Mage::getConfig()->getNode('global/resources/default_setup/connection/password');
$dbname = (string)Mage::getConfig()->getNode('global/resources/default_setup/connection/dbname');

Or add a second connection just for your script in app/etc/local.xml

<config>
 <global>
 [...]
 <resources>
 [...]
 <default_setup>
 <connection>
 <host><![CDATA[localhost]]></host>
 <username><![CDATA[magento_user]]></username>
 <password><![CDATA[magento_password]]></password>
 <dbname><![CDATA[magento_db]]></dbname>
 <initStatements><![CDATA[SET NAMES utf8]]></initStatements>
 <model><![CDATA[mysql4]]></model>
 <type><![CDATA[pdo_mysql]]></type>
 <pdoType><![CDATA[]]></pdoType>
 <active>1</active>
 </connection>
 </default_setup>
 <custom_setup>
 <connection>
 <host><![CDATA[localhost]]></host>
 <username><![CDATA[custom_user]]></username>
 <password><![CDATA[custom_password]]></password>
 <dbname><![CDATA[custom_db]]></dbname>
 <initStatements><![CDATA[SET NAMES utf8]]></initStatements>
 <model><![CDATA[mysql4]]></model>
 <type><![CDATA[pdo_mysql]]></type>
 <pdoType><![CDATA[]]></pdoType>
 <active>0</active> <!-- probably should be 0 or Magento will use it -->
 </connection>
 </custom_setup>
 </resources>
 [...]
 </global>
 [...]
</config>

And get it via 

$config = Mage::getConfig()->getResourceConnectionConfig("custom_setup");
$config->host,
$config->username,
$config->password,
$config->dbname
answered Dec 10, 2015 at 11:39
1
  • @MikeTimTurner that means there is an error. can you turn on error display or check apache logs? Commented Dec 13, 2015 at 10:05

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.