Hi all,

I’m trying to make a somehow “advanced” user authentication system fro
my own web site. What I’m using as a model example, is the
authentication system explained by Luke Welling & Laura Thomson in their
book “PHP and MySQL Web Development”. In the book, they explain how to
make apparently a perfect user authentication system, but only for one
level users. I would like to change that somehow in order to make my
scripts recognize whether the user is an Administrator or a Common User,
identified by a “authlevel” field in my DB (1 for Admin – 2 for Users).

I’m making all my web sites, by using an “include” schema, so the user
is authenticated only in the Header (included in all the pages).

What I have so far is:


// this is where the original script begin


if ($userid && $password)
        $db_conn = mysql_connect("localhost", "user", "password");
        mysql_select_db("dbname", $db_conn);
        $query = "SELECT * FROM auth WHERE authname = '$username' AND
authpass = password('$password') AND authlevel = 1";
        $result = mysql_query($query, $db_conn);
        if (mysql_num_rows($result) > 0)
                $valid_user = $userid;

// this is what I tried to add

        else if (mysql_num_rows($result) >= 0)
                $query1 = "SELECT * FROM auth WHERE authname =
'$username' AND authpass = password('$password') AND authlevel = 0";
                $result1 = mysql_query($query1, $db_conn);
                if (musql_num_rows($result1) > 0)
                        $valid_user = $userid;

It works great when used in it’s original state, but does no good to
what I’m trying to do here. Also, I’m willing to learn from this so I
don’t want to rush and get it already done out there ;-)

By the way, before you ask, I use MySQL and PHP 4 under a Apache
emulator (PHPTriad) running under WinXP (and damn, it works good and

Hope to get some knowledge from you guys and gals,

Cesar Aracena <mailto:[EMAIL PROTECTED]> 
Neuquen, Argentina

Reply via email to