Re: [PHP] Advanced User Authentication

Thu, 13 Jun 2002 22:52:20 -0700 

I think you're making it needlessly complicated. Why don't you just

  select * from * FROM auth WHERE authname = '$username' AND
  authpass = password('$password')

and not worry about "WHERE authlevel = 1"?

Then, if that query is successful, you can just fetch the result row 
and see what 'authlevel' is for that user, and act accordingly.

miguel

On Fri, 14 Jun 2002, César Aracena wrote:
> I’m trying to make a somehow “advanced” user authentication system fro
> my own web site. What I’m using as a model example, is the
> authentication system explained by Luke Welling & Laura Thomson in their
> book “PHP and MySQL Web Development”. In the book, they explain how to
> make apparently a perfect user authentication system, but only for one
> level users. I would like to change that somehow in order to make my
> scripts recognize whether the user is an Administrator or a Common User,
> identified by a “authlevel” field in my DB (1 for Admin – 2 for Users).
> 
> I’m making all my web sites, by using an “include” schema, so the user
> is authenticated only in the Header (included in all the pages).
> 
> What I have so far is:
> 
> <?
> 
> // this is where the original script begin
> 
> session_start();
> 
> if ($userid && $password)
> {
>       $db_conn = mysql_connect("localhost", "user", "password");
>       mysql_select_db("dbname", $db_conn);
>       $query = "SELECT * FROM auth WHERE authname = '$username' AND
> authpass = password('$password') AND authlevel = 1";
>       $result = mysql_query($query, $db_conn);
>       if (mysql_num_rows($result) > 0)
>       {
>               $valid_user = $userid;
>               session_register("valid_admin");
>       }
> 
> // this is what I tried to add
> 
>       else if (mysql_num_rows($result) >= 0)
>       {
>               $query1 = "SELECT * FROM auth WHERE authname =
> '$username' AND authpass = password('$password') AND authlevel = 0";
>               $result1 = mysql_query($query1, $db_conn);
>               if (musql_num_rows($result1) > 0)
>               {
>                       $valid_user = $userid;
>                       session_register("valid_user");
>               }
>       }
> }
> ?>
> 
> It works great when used in it’s original state, but does no good to
> what I’m trying to do here. Also, I’m willing to learn from this so I
> don’t want to rush and get it already done out there ;-)
> 
> By the way, before you ask, I use MySQL and PHP 4 under a Apache
> emulator (PHPTriad) running under WinXP (and damn, it works good and
> smooth).
> 
> Hope to get some knowledge from you guys and gals,
> 
> Cesar Aracena <mailto:[EMAIL PROTECTED]> 
> CE / MCSE+I
> Neuquen, Argentina
> +54.299.6356688
> +54.299.4466621
> 
> 
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to