Last updated on February 7th, 2022 at 09:58 am
PHPMyAdmin Authentication, Set Username and Password Using Cookies
Enabling authentication for PHPMyAdmin is the next big step to take once you have installed XAMPP, LAMP, WAMP or a PHP application with Nginx; basically any configuration that has PHP/MySQL. I am doing the steps below on Ubuntu. The same steps can be followed on RedHat/CentOS/Amazon Linux etc.
Note: You may also follow the same steps on Windows, because everything is changed at the PHPMyAdmin application level, so the configuration should be the same.
Here I am downloading the latest phpMyAdmin-5.1.2. Go to https://www.phpmyadmin.net/downloads/ and download the file.
Extract (gunzip/untar) the file under your document root /var/www/html or any location you use as a root directory (your choice).
Once extracted you will get a folder with a name similar to phpMyAdmin-x.x.x-english. Since I downloaded version 5.1.2, my folder name is phpMyAdmin-5.1.2-english. Make sure to rename this default folder to something else.
Tip: Don't rename the folder phpMyAdmin-5.1.2-english to phpmyadmin or PHPMyAdmin etc., because these names are obvious and you might easily get attacked by external bots/hackers. Name it something that cannot be easily guessed.
The very first step is to find the config.inc.php file located inside the phpmyadmin directory or the custom directory you just created. If you already have one, take a backup of this file before proceeding.
There is also a chance that the folder is missing the config.inc.php file. If that is the case, you just have to do the step below to create config.inc.php. There will be a file named config.sample.inc.php; just issue
cp config.sample.inc.php config.inc.php
The next step is to change the configuration, mainly on these lines.
TIP: By default $cfg['Servers'][$i]['AllowNoPassword'] is set to false. This prevents any login without a password, which is a great security feature.
1) Change auth_type to 'cookie'
$cfg['Servers'][$i]['auth_type'] = 'cookie';
So now your config file will look like this:
/* Authentication type and info */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
Go to the URL http://localhost/phpmyadmin/ and you will see a login screen. Enter 'root' as the Username, then click GO. You will be logged in to the PHPMyAdmin page.
If you already have a user set up, provide that username and password in the login screen. This should take you to the PHPMyAdmin homepage.
You might be wondering why you did not have to provide a password to log in. How do you fix that?
For that you first need to access your MySQL instance and set a password for your MySQL root user. We will see that in a bit. A point to note here is that the password for successfully logging in to phpmyadmin will be your MySQL instance root password. Even if you set some password for the variable
$cfg['Servers'][$i]['password'] = 'MYOWNPASSWORD';
in the configuration file, you will not be able to see the MySQL page and will get an error saying 'Cannot log in to the MySQL server'.
So in order to fix this, once you are in the phpmyadmin page (you should leave the password variable blank as shown above to log in successfully), click on SQL and run this query. Make sure to use your own password here.
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mynewpass')
On the latest versions of MySQL, try the query below to set the password instead:
SET PASSWORD FOR 'root'@'localhost' = 'yourpassword';
You should be seeing something similar.
Great!! You have set a password for your MySQL instance. One last step is to change AllowNoPassword to false in the config file.
$cfg['Servers'][$i]['AllowNoPassword'] = false;
Save the file !!
Now reload the page http://localhost/phpmyadmin/ and provide your username and password. For me they are 'root' and 'mynewpass'. Authentication for PHPMyAdmin has been successfully configured. Now your PHPMyAdmin is secure 🙂
You can make it more secure by changing the value below in the config.inc.php file. phpMyAdmin uses blowfish_secret to encrypt the login cookie, so replace the default with a long random string of your own.
$cfg['blowfish_secret'] = 'xampp'; /* YOU SHOULD CHANGE THIS FOR A MORE SECURE COOKIE AUTH! */
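
To check a finished config.inc.php against the settings changed in this walkthrough, here is a small audit script. It is an added example, not part of the original post or of phpMyAdmin itself. The function names, the single-server assumption, and the 32-character threshold for blowfish_secret (the length phpMyAdmin warns about) are choices made for this example.

```python
import re
import secrets

# Active assignments only: the line must start with $cfg, so "// $cfg[...]" is skipped.
# Captures the last bracketed key and a quoted string or bare word (true/false/number).
ASSIGN = re.compile(
    r"""^\s*\$cfg(?:\[[^\]]+\])*\[['"](\w+)['"]\]\s*=\s*('[^']*'|"[^"]*"|\w+)\s*;""",
    re.M,
)

def parse_cfg(text):
    """Map setting name -> value. Assumes one server block (later lines win)."""
    cfg = {}
    for name, raw in ASSIGN.findall(text):
        cfg[name] = raw[1:-1] if raw[0] in "'\"" else raw.lower()
    return cfg

def new_secret():
    """32 random hex characters, suitable as a blowfish_secret value."""
    return secrets.token_hex(16)

def audit(text):
    """Return (setting, problem) pairs for the settings this page changes."""
    cfg = parse_cfg(text)
    findings = []
    if cfg.get("auth_type", "cookie") != "cookie":  # unset means cookie
        findings.append(("auth_type", "not set to 'cookie'"))
    if cfg.get("AllowNoPassword", "false") == "true":
        findings.append(("AllowNoPassword", "accounts with an empty password can log in"))
    if cfg.get("password"):
        findings.append(("password", "stored in the file; the page leaves it blank"))
    secret = cfg.get("blowfish_secret", "")
    if len(secret) < 32 or secret == "xampp":
        findings.append(("blowfish_secret", "default or shorter than 32 characters"))
    return findings

# Constructed samples: WEAK is the intermediate config shown on this page.
WEAK = """
/* Authentication type and info */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['blowfish_secret'] = 'xampp'; /* YOU SHOULD CHANGE THIS FOR A MORE SECURE COOKIE AUTH! */
"""
HARDENED = WEAK.replace("= true;", "= false;").replace("'xampp'", "'%s'" % new_secret())

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(text) or "no findings")
```

To audit a real file, pass its contents to audit(), for example audit(open("config.inc.php").read()).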