DB script hacked or?

fredep57 · February 24, 2014, 3:36pm

I hope this is in the right place, and if not please move it to the correct area.

OK, I have a file that is supposed to hook to my DB. The file is below:

<?PHP

function get_db_connection()
{
	// Connection Variables
	$hostname="localhost";
	$mysql_login="someuser";
	$mysql_password="someuser_pw";
	$database='main';
	
	
	try
	{
		// Connect to the database server
		$pdo = new PDO("mysql:dbname=$database; host=$hostname", $mysql_login, $mysql_password);
		$pdo->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
		$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
				
		if ( $pdo )
		{
			//echo 'connected';
			return ($pdo);
		}
		else
		{
			echo 'DB error';
			
		}
	}
	
	catch (PDOException $e) {
    echo 'Connection failed: ' . $e->getMessage();
	}
}
?>

However, on the live site, when I try to use it in the php file, I get an error log entry that says:

[24-Feb-2014 08:24:43 America/Denver] PHP Warning: mysql_query(): Access denied for user ‘ryanholman’@‘localhost’ (using password: NO) in SponsorsPDOnonAlphaAdv.php on line 47
SponsorsPDOnonAlphaAdv.php is the calling php script and does not pass any information about the DB, just gets the return $pdo if the connection is done appropriately.

So, have I been hacked? Or why is it trying to use the “ryanholman@localhost” to log on to the DB? I don’t know a ryan holman.

Thanks for any help.
E

Rubble · February 24, 2014, 3:46pm

If you do not have ryanholman@localhost in your script is there another version of the database connect on the server - did you use an example from ryan holman to write your code?

Try echoing the connection variables in SponsorsPDOnonAlphaAdv.php file to see what it thinks it is using.

mysql_query(): in the error looks a bit strange as you are using pdo - did you use to use MySQL and have changed over to pdo and not changed the include value?