Hi all,
I�m trying to make a somehow �advanced� user authentication system fro
my own web site. What I�m using as a model example, is the
authentication system explained by Luke Welling & Laura Thomson in their
book �PHP and MySQL Web Development�. In the book, they explain how to
make apparently a perfect user authentication system, but only for one
level users. I would like to change that somehow in order to make my
scripts recognize whether the user is an Administrator or a Common User,
identified by a �authlevel� field in my DB (1 for Admin � 2 for Users).
I�m making all my web sites, by using an �include� schema, so the user
is authenticated only in the Header (included in all the pages).
What I have so far is:
<?
// this is where the original script begin
session_start();
if ($userid && $password)
{
$db_conn = mysql_connect("localhost", "user", "password");
mysql_select_db("dbname", $db_conn);
$query = "SELECT * FROM auth WHERE authname = '$username' AND
authpass = password('$password') AND authlevel = 1";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) > 0)
{
$valid_user = $userid;
session_register("valid_admin");
}
// this is what I tried to add
else if (mysql_num_rows($result) >= 0)
{
$query1 = "SELECT * FROM auth WHERE authname =
'$username' AND authpass = password('$password') AND authlevel = 0";
$result1 = mysql_query($query1, $db_conn);
if (musql_num_rows($result1) > 0)
{
$valid_user = $userid;
session_register("valid_user");
}
}
}
?>
It works great when used in it�s original state, but does no good to
what I�m trying to do here. Also, I�m willing to learn from this so I
don�t want to rush and get it already done out there ;-)
By the way, before you ask, I use MySQL and PHP 4 under a Apache
emulator (PHPTriad) running under WinXP (and damn, it works good and
smooth).
Hope to get some knowledge from you guys and gals,
Cesar Aracena <mailto:[EMAIL PROTECTED]>
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621
