PHPJunkyard support forum


https://developers.phpjunkyard.com/

False positive with mysql_root warning

https://developers.phpjunkyard.com/viewtopic.php?t=7718

Page 1 of 1

False positive with mysql_root warning

Posted: Wed Apr 02, 2025 4:29 pm
by Excalibur
Script URL: HESK
Version of script: 3.5.3

I have deployed HESK to run by nginx under `nginx` user, with socket authorization in MariaDB. This means I have db_host == localhost, db_user == nginx, and db_pass empty. However, because of the check in admin/admin_settings_general.php, I'm always getting warned about MySQL login as root user, which is not possible.

I think that check should include db_user as well.

Re: False positive with mysql_root warning

Posted: Wed Apr 02, 2025 5:39 pm
by Klemen
The warning actually appears if the database password is empty.

You can disable the warning by deleting this code from /admin/admin_settings_general.php

Code: Select all

            if (d.s_db_pass.value=='')
            {
                if (!confirm('<?php echo addslashes($hesklang['mysql_root']); ?>'))
                {
                    return false;
                }
            }

Re: False positive with mysql_root warning

Posted: Thu Apr 03, 2025 4:59 am
by Excalibur
Yes I understand the code. I'm just providing the feedback that the check seems a bit trigger happy, and produces some false positives. I think the condition can be tightened.

Re: False positive with mysql_root warning

Posted: Thu Apr 03, 2025 7:06 am
by Klemen
How would you recommend checking then against accounts with no password?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited