Hi all,

I’m trying to make a somehow “advanced” user authentication system for
my own web site. What I’m using as a model example, is the
authentication system explained by Luke Welling & Laura Thomson in their
book “PHP and MySQL Web Development”. In the book, they explain how to
make apparently a perfect user authentication system, but only for one
level users. I would like to change that somehow in order to make my
scripts recognize whether the user is an Administrator or a Common User,
identified by an “authlevel” field in my DB (1 for Admin – 2 for Users).

I’m making all my web sites, by using an “include” schema, so the user
is authenticated only in the Header (included in all the pages).

What I have so far is:

<?

// this is where the original script begins

session_start();

if ($userid && $password)
{
        $db_conn = mysql_connect("localhost", "user", "password");
        mysql_select_db("dbname", $db_conn);
        $query = "SELECT * FROM auth WHERE authname = '$username' AND authpass = password('$password') AND authlevel = 1";
        $result = mysql_query($query, $db_conn);
        if (mysql_num_rows($result) > 0)
        {
                $valid_user = $userid;
                session_register("valid_admin");
        }

// this is what I tried to add

        else if (mysql_num_rows($result) >= 0)
        {
                $query1 = "SELECT * FROM auth WHERE authname = '$username' AND authpass = password('$password') AND authlevel = 0";
                $result1 = mysql_query($query1, $db_conn);
                if (mysql_num_rows($result1) > 0)
                {
                        $valid_user = $userid;
                        session_register("valid_user");
                }
        }
}
?>

It works great when used in its original state, but does no good to
what I’m trying to do here. Also, I’m willing to learn from this so I
don’t want to rush and get it already done out there ;-)

By the way, before you ask, I use MySQL and PHP 4 under an Apache
emulator (PHPTriad) running under WinXP (and damn, it works good and
smooth).

Hope to get some knowledge from you guys and gals,

Cesar Aracena
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621
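
Added example (not part of the original post and not the book's code): one way to tell administrators from common users with a single parameterized lookup that returns the stored authlevel, instead of one query per level. It assumes the auth table and the 1 = admin / 2 = user convention described in the post, password_hash() values in authpass instead of MySQL's password(), PDO with an in-memory SQLite database standing in for MySQL, a hypothetical authenticate() helper, and current PHP rather than PHP 4.

```php
<?php
// Added illustration. Table and column names follow the post (auth, authname,
// authpass, authlevel; 1 = admin, 2 = user). authenticate() is hypothetical.

function authenticate(PDO $db, string $name, string $pass): ?int
{
    // The placeholder keeps user input out of the SQL text, so quotes in the
    // submitted name cannot change the query.
    $stmt = $db->prepare('SELECT authpass, authlevel FROM auth WHERE authname = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a password_hash() value; MySQL's password() function
    // is not intended for application passwords.
    if ($row === false || !password_verify($pass, $row['authpass'])) {
        return null;                    // unknown user or wrong password
    }
    return (int) $row['authlevel'];     // the role comes from the row itself
}

// Constructed demo data: in-memory SQLite as a stand-in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth (authname TEXT PRIMARY KEY, authpass TEXT, authlevel INTEGER)');
$ins = $db->prepare('INSERT INTO auth VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('admin-secret', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', password_hash('user-secret', PASSWORD_DEFAULT), 2]);

// Constructed login attempts, including a name that contains a quote.
$attempts = [
    ['alice', 'admin-secret'],
    ['bob', 'user-secret'],
    ['bob', 'wrong-password'],
    ["o'neil", 'anything'],
];
foreach ($attempts as [$name, $pass]) {
    $level = authenticate($db, $name, $pass);
    // In the included header, after session_start(): on success call
    // session_regenerate_id(true) and store $name and $level in $_SESSION,
    // then branch on the stored level on every page.
    $role = $level === 1 ? 'admin' : ($level === 2 ? 'user' : 'rejected');
    printf("%-10s => %s\n", $name, $role);
}
```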