False positive with mysql_root warning

Excalibur · Post by **Excalibur** » Wed Apr 02, 2025 4:29 pm

Script URL: HESK
Version of script: 3.5.3

I have deployed HESK to run by nginx under `nginx` user, with socket authorization in MariaDB. This means I have db_host == localhost, db_user == nginx, and db_pass empty. However, because of the check in admin/admin_settings_general.php, I'm always getting warned about MySQL login as root user, which is not possible.

I think that check should include db_user as well.

Post by **Klemen** » Wed Apr 02, 2025 5:39 pm

The warning actually appears if the database password is empty.

You can disable the warning by deleting this code from /admin/admin_settings_general.php

Code: Select all

            if (d.s_db_pass.value=='')
            {
                if (!confirm('<?php echo addslashes($hesklang['mysql_root']); ?>'))
                {
                    return false;
                }
            }

Excalibur · Post by **Excalibur** » Thu Apr 03, 2025 4:59 am

Yes I understand the code. I'm just providing the feedback that the check seems a bit trigger happy, and produces some false positives. I think the condition can be tightened.

Post by **Klemen** » Thu Apr 03, 2025 7:06 am

How would you recommend checking then against accounts with no password?

PHPJunkyard support forum

False positive with mysql_root warning

False positive with mysql_root warning

Re: False positive with mysql_root warning

Re: False positive with mysql_root warning

Re: False positive with mysql_root warning