Question about PDO connection

1

Hi folks, I have a question about the PDO connection.

This is the connection I have in the script I'm configuring:

<?php

function getDB() {
    $dbHost = 'host';
    $db     = 'bd';
    $dbUser = 'user';

    # Get database password from outside of web root
    $fileLoc = $_SERVER['DOCUMENT_ROOT'] . '/../passwords.txt';
    if (file_exists($fileLoc)) {
        $fh = fopen($fileLoc, 'r');
        $jsonStr = fgets($fh);
        $arr = json_decode($jsonStr, true);
        $dbPass = $arr['default-password'];
        fclose($fh);
    } else {
        die('no file found');
    }

    $db = new PDO("mysql:host=$dbHost;dbname=$db;charset=utf8mb4", $dbUser, $dbPass);
    return $db;
}

function getSteamProfileInfoForSteamID($allUsersInfoStr, $steamIDToFind) {
    $allUsersInfo = json_decode($allUsersInfoStr, true);
    $players = $allUsersInfo['response']['players'];

    foreach ($players as $player) {
        $steamID = $player['steamid'];
        $player['personaname'] = htmlentities($player['personaname']);

        if ($steamIDToFind === $steamID) {
            return $player;
        }
    }

    # If the user is not found, then return false
    return false;
}

function jsonSuccess($data) {
    return json_encode(array('success' => 1, 'data' => $data));
}

function jsonErr($errMsg) {
    return json_encode(array('success' => 0, 'errMsg' => $errMsg));
}

function getSteamAPIKey() {
    $fileLoc = $_SERVER['DOCUMENT_ROOT'] . '/../passwords.txt';
    if (file_exists($fileLoc)) {
        $fh = fopen($fileLoc, 'r');
        $jsonStr = fgets($fh);
        $arr = json_decode($jsonStr, true);
        $key = $arr['steamAPIKey'];
        fclose($fh);
        return $key;
    } else {
        die('no file found');
    }
}

function postVar($varName) {
    $var = isset($_POST[$varName]) ? $_POST[$varName] : null;

    if (is_null($var) || strlen($var) === 0) {
        return null;
    } else {
        return $var;
    }
}

function getVar($varName) {
    $var = isset($_GET[$varName]) ? $_GET[$varName] : null;

    if (is_null($var) || strlen($var) === 0) {
        return null;
    } else {
        return $var;
    }
}
?>

This connection looks for the password in a txt file inside the root, but I do not have access to the root of my hosting. Does anyone know how to change the password in the code?

    
asked by anonymous 26.10.2015 / 16:08

1 answer

2

Just remove the snippet of code that does the lookup and manually enter the values in the variables declared above. And NEVER put a database password in txt files or in files that are read through the browser; it is a fatal security error. Your getDB function will look like this:

function getDB() {
    $dbHost = 'host'; // host
    $db     = 'bd'; // database name
    $dbUser = 'user'; // user
    $dbPass = 'pass'; // password variable created here; assign the value

    $db = new PDO("mysql:host=$dbHost;dbname=$db;charset=utf8mb4", $dbUser, $dbPass);
    return $db;
}

I hope it helps, hugs

    
26.10.2015 / 16:35
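
Added example, not part of the answer above or of the asker's script: on hosting without access above the web root, one way to keep the password out of a browser-readable .txt file is a PHP file that returns the credentials and is loaded by getDB(). The file name, the array keys and the loadDbConfig() helper are assumptions made for illustration.

```php
<?php
// Added example. A .php file that only returns an array prints nothing when it
// is requested over HTTP (assuming the server executes PHP), whereas a .txt
// file is sent to the browser as-is. Where the host allows it, also deny HTTP
// access to the config file.

function loadDbConfig(string $path): array {
    if (!is_file($path) || !is_readable($path)) {
        throw new RuntimeException('database configuration is missing');
    }
    $cfg = require $path;                 // the file ends with: return [ ... ];
    if (!is_array($cfg)) {
        throw new RuntimeException('database configuration is malformed');
    }
    foreach (['host', 'name', 'user', 'pass'] as $key) {
        if (!isset($cfg[$key]) || !is_string($cfg[$key])) {
            throw new RuntimeException("database configuration lacks '$key'");
        }
    }
    return $cfg;
}

function getDB(string $configPath): PDO {
    $cfg = loadDbConfig($configPath);
    $dsn = "mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4";
    try {
        return new PDO($dsn, $cfg['user'], $cfg['pass'], [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]);
    } catch (PDOException $e) {
        // An uncaught PDOException can print a stack trace that includes the
        // constructor arguments (the password): log the message, show nothing.
        error_log('DB connection failed: ' . $e->getMessage());
        throw new RuntimeException('database unavailable');
    }
}

// Constructed sample config, written to a temp file only so this demo runs.
$sample = sys_get_temp_dir() . '/db-config.sample.php';
file_put_contents($sample,
    "<?php\nreturn ['host' => 'host', 'name' => 'bd', 'user' => 'user', 'pass' => 'pass'];\n");
$cfg = loadDbConfig($sample);
echo implode(',', array_keys($cfg)), "\n";
unlink($sample);
```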