I like very much the idea of using a "short" way. Actually, I did and here's how:
// After I queried the DB for a username & password match:

if (mysql_num_rows($result) > 0)
{
    $row = mysql_fetch_array($result);
    if ($row[authlevel] == '1')
    {
        $valid_user = $username;
        session_register("valid_admin");
    }
    else if ($row[authlevel] == '0')
    {
        $valid_user = $username;
        session_register("valid_user");
    }
}

but it still doesn't work. I'm still getting the "posted" values back (when
pointed to phpinfo.php) including the sessionID variable, but the Session
doesn't show as registered. That is, when I call the following Script,
nothing happens:

[snip]
if (session_is_registered("valid_admin"))
{
    // do admin stuff
}
else if (session_is_registered("valid_user"))
{
    // do users stuff
}
else
{
    // prompt for login
    // this is still what's showing!!!???
}
[snip]

César Aracena
IS / MCSE+I
Neuquén, NQN
(0299) 156-356688
(0299) 446-6621

> -----Original Message-----
> From: Miguel Cruz [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 14, 2002 03:11 a.m.
> To: César Aracena
> CC: PHP General List
> Subject: Re: [PHP] Advanced User Authentication
>
> I think you're making it needlessly complicated. Why don't you just
>
>    select * FROM auth WHERE authname = '$username' AND
>    authpass = password('$password')
>
> and not worry about "WHERE authlevel = 1"?
>
> Then, if that query is successful, you can just fetch the result row
> and see what 'authlevel' is for that user, and act accordingly.
>
> miguel
>
> On Fri, 14 Jun 2002, César Aracena wrote:
> > I’m trying to make a somehow “advanced” user authentication system for
> > my own web site. What I’m using as a model example, is the
> > authentication system explained by Luke Welling & Laura Thomson in their
> > book “PHP and MySQL Web Development”. In the book, they explain how to
> > make apparently a perfect user authentication system, but only for one
> > level users. I would like to change that somehow in order to make my
> > scripts recognize whether the user is an Administrator or a Common User,
> > identified by a “authlevel” field in my DB (1 for Admin – 2 for Users).
> >
> > I’m making all my web sites, by using an “include” schema, so the user
> > is authenticated only in the Header (included in all the pages).
> >
> > What I have so far is:
> >
> > <?
> >
> > // this is where the original script begin
> >
> > session_start();
> >
> > if ($userid && $password)
> > {
> >     $db_conn = mysql_connect("localhost", "user", "password");
> >     mysql_select_db("dbname", $db_conn);
> >     $query = "SELECT * FROM auth WHERE authname = '$username' AND
> > authpass = password('$password') AND authlevel = 1";
> >     $result = mysql_query($query, $db_conn);
> >     if (mysql_num_rows($result) > 0)
> >     {
> >         $valid_user = $userid;
> >         session_register("valid_admin");
> >     }
> >
> >     // this is what I tried to add
> >
> >     else if (mysql_num_rows($result) >= 0)
> >     {
> >         $query1 = "SELECT * FROM auth WHERE authname =
> > '$username' AND authpass = password('$password') AND authlevel = 0";
> >         $result1 = mysql_query($query1, $db_conn);
> >         if (mysql_num_rows($result1) > 0)
> >         {
> >             $valid_user = $userid;
> >             session_register("valid_user");
> >         }
> >     }
> > }
> > ?>
> >
> > It works great when used in its original state, but does no good to
> > what I’m trying to do here. Also, I’m willing to learn from this so I
> > don’t want to rush and get it already done out there ;-)
> >
> > By the way, before you ask, I use MySQL and PHP 4 under an Apache
> > emulator (PHPTriad) running under WinXP (and damn, it works good and
> > smooth).
> >
> > Hope to get some knowledge from you guys and gals,
> >
> > Cesar Aracena <mailto:[EMAIL PROTECTED]>
> > CE / MCSE+I
> > Neuquen, Argentina
> > +54.299.6356688
> > +54.299.4466621
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
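The single-query approach suggested in the quoted reply, as an added example that is not part of the original thread: one lookup by username, then a branch on `authlevel`, with the user input passed as a bound parameter instead of being interpolated into the SQL string as in the thread's queries. Assumptions: an in-memory SQLite database stands in for the thread's MySQL `auth` table, `password_hash()`/`password_verify()` replace MySQL's `password()`, `$_SESSION` replaces `session_register()`, the level values 1 (admin) and 0 (user) follow the code in the reply, and the `authenticate()` helper, the `role` session key and the sample accounts are hypothetical.

```php
<?php
// Added example (not from the thread). Constructed data; SQLite in memory
// stands in for the thread's MySQL "auth" table so this runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE auth (authname TEXT PRIMARY KEY, authpass TEXT, authlevel INTEGER)');
$ins = $pdo->prepare('INSERT INTO auth VALUES (?, ?, ?)');
$ins->execute(['root', password_hash('admin-pass', PASSWORD_DEFAULT), 1]); // constructed admin
$ins->execute(['cesar', password_hash('user-pass', PASSWORD_DEFAULT), 0]); // constructed user

// Hypothetical helper: one lookup by name, then branch on authlevel.
// Returns 'admin', 'user', or null when the credentials do not match.
function authenticate(PDO $pdo, string $username, string $password): ?string
{
    // Bound parameter: the username is never spliced into the SQL text.
    $stmt = $pdo->prepare('SELECT authpass, authlevel FROM auth WHERE authname = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash in PHP rather than inside the query.
    if ($row === false || !password_verify($password, $row['authpass'])) {
        return null;
    }
    return ((int) $row['authlevel'] === 1) ? 'admin' : 'user';
}

session_start();
$role = authenticate($pdo, 'cesar', 'user-pass');
if ($role !== null) {
    session_regenerate_id(true);       // issue a fresh session ID at login
    $_SESSION['valid_user'] = 'cesar';
    $_SESSION['role'] = $role;         // one key carries the level
}

// What the included header would check on every page:
if (($_SESSION['role'] ?? null) === 'admin') {
    echo "admin stuff\n";
} elseif (($_SESSION['role'] ?? null) === 'user') {
    echo "user stuff\n";
} else {
    echo "prompt for login\n";
}

// A username containing a quote is treated as data and fails to match.
var_dump(authenticate($pdo, "root' --", 'x'));
```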