Done it!!! Followed the examples both of you gave me and voilà! Hey... it turned out to be quite an effective user authentication system. Thanks a lot.

Cesar Aracena <mailto:[EMAIL PROTECTED]>
CE / MCSE+I
Neuquen, Argentina
+54.299.6356688
+54.299.4466621

> -----Original Message-----
> From: Justin French [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 14, 2002 03:29 a.m.
> To: César Aracena
> Subject: Re: [PHP] Advanced User Authentication
>
> This is a reasonably in-depth topic, and I don't have any experience with
> the book in question, but here's some code to follow.
>
> Please note TOTALLY UNTESTED CODE!!!!!
>
> <?
> session_start();
>
> // make sure userid & password were set
> // thru sessions, not through URL or other
> // method
> $userid = $_SESSION['userid'];
> $password = $_SESSION['password'];
>
> $db_conn = mysql_connect("localhost", "user", "password");
> mysql_select_db("dbname", $db_conn);
> $query = "SELECT * FROM auth WHERE authname = '$userid' AND
> authpass = password('$password')";
> // run the query so $result exists for the checks below
> $result = mysql_query($query, $db_conn);
> if(mysql_num_rows($result) == 0)
>     {
>     // invalid username and/or password
>     unset($_SESSION['password']);
>     unset($_SESSION['userid']);
>     }
> else
>     {
>     $valid_user = 1;
>
>     // we know they're valid, but what level user are they?
>     $myrow = mysql_fetch_array($result);
>     $authlevel = $myrow['authlevel'];
>
>     }
> ?>
>
> So, you find the userid and password in the $_SESSION array, and you query
> the database to see if there's a match.
>
> If not, you unset the $_SESSION['userid'] and $_SESSION['password'].
>
> If yes, you then have a look at the result you queried, and find out what
> authlevel they are.
>
> In your case, it looks like you're using 0 for normal, and 1 for admin.
>
> In my case, I'm using 0 for a blocked user, 1 for basic, 2 for admin, and
> three for me (super admin, for lack of a better word!).
>
>
> For basic stuff, we can just check if they're a valid user:
>
> <?
> if($valid_user)
>     {
>     echo "welcome {$userid}";
>     }
> ?>
>
> or more complex stuff
>
> <?
> if($authlevel == 1)
>     {
>     echo "admin: <A HREF=\"blah.php\">delete this</a>";
>     }
> ?>
>
>
> Hope this gets you started on the right track.
>
>
> Justin French
> --------------------
> Creative Director
> http://Indent.com.au
> --------------------
>
>
> on 14/06/02 3:08 PM, César Aracena ([EMAIL PROTECTED]) wrote:
>
> > Hi all,
> >
> > I’m trying to make a somehow “advanced” user authentication system for
> > my own web site. What I’m using as a model example, is the
> > authentication system explained by Luke Welling & Laura Thomson in their
> > book “PHP and MySQL Web Development”. In the book, they explain how to
> > make apparently a perfect user authentication system, but only for one
> > level users. I would like to change that somehow in order to make my
> > scripts recognize whether the user is an Administrator or a Common User,
> > identified by an “authlevel” field in my DB (1 for Admin – 2 for Users).
> >
> > I’m making all my web sites, by using an “include” schema, so the user
> > is authenticated only in the Header (included in all the pages).
> >
> > What I have so far is:
> >
> > <?
> >
> > // this is where the original script begins
> >
> > session_start();
> >
> > if ($userid && $password)
> > {
> >     $db_conn = mysql_connect("localhost", "user", "password");
> >     mysql_select_db("dbname", $db_conn);
> >     $query = "SELECT * FROM auth WHERE authname = '$username' AND
> > authpass = password('$password') AND authlevel = 1";
> >     $result = mysql_query($query, $db_conn);
> >     if (mysql_num_rows($result) > 0)
> >     {
> >         $valid_user = $userid;
> >         session_register("valid_admin");
> >     }
> >
> > // this is what I tried to add
> >
> >     else if (mysql_num_rows($result) >= 0)
> >     {
> >         $query1 = "SELECT * FROM auth WHERE authname =
> > '$username' AND authpass = password('$password') AND authlevel = 0";
> >         $result1 = mysql_query($query1, $db_conn);
> >         if (musql_num_rows($result1) > 0)
> >         {
> >             $valid_user = $userid;
> >             session_register("valid_user");
> >         }
> >     }
> > }
> > ?>
> >
> > It works great when used in its original state, but does no good to
> > what I’m trying to do here. Also, I’m willing to learn from this so I
> > don’t want to rush and get it already done out there ;-)
> >
> > By the way, before you ask, I use MySQL and PHP 4 under an Apache
> > emulator (PHPTriad) running under WinXP (and damn, it works good and
> > smooth).
> >
> > Hope to get some knowledge from you guys and gals,
> >
> > Cesar Aracena <mailto:[EMAIL PROTECTED]>
> > CE / MCSE+I
> > Neuquen, Argentina
> > +54.299.6356688
> > +54.299.4466621

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
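
A hardened form of the level-aware check discussed in this thread, as an added example that is not from the original messages: the user name is bound as a query parameter instead of being interpolated into the SQL string, the password is checked with `password_verify()` rather than MySQL's `password()`, and only the user id and level are kept in the session. It assumes PHP 7.1+ with the PDO SQLite driver; the `passhash` column, the functions `authenticate()` and `login()`, and the sample rows are hypothetical, and the levels follow Justin's scheme (0 blocked, 1 basic, 2 admin).

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// messages above; the passhash column, both functions and the sample rows are
// hypothetical. Levels use Justin's scheme: 0 = blocked, 1 = basic, 2 = admin.

function authenticate(PDO $db, string $name, string $password): ?int
{
    // The name is bound as a parameter, so it never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT passhash, authlevel FROM auth WHERE authname = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // One generic failure for "no such user" and "wrong password".
    if ($row === false || !password_verify($password, $row['passhash'])) {
        return null;
    }
    return (int) $row['authlevel'];
}

function login(PDO $db, array &$session, string $name, string $password): bool
{
    $level = authenticate($db, $name, $password);
    if ($level === null || $level === 0) {
        unset($session['userid'], $session['authlevel']);
        return false;
    }
    // In a real request pass $_SESSION and call session_regenerate_id(true) here.
    $session['userid'] = $name;        // identity and role only;
    $session['authlevel'] = $level;    // the password is never kept in the session
    return true;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE auth (authname TEXT PRIMARY KEY, passhash TEXT, authlevel INTEGER)');
$insert = $db->prepare('INSERT INTO auth VALUES (?, ?, ?)');
foreach ([["o'brien", 'pw-admin', 2], ['guest', 'pw-basic', 1], ['spam', 'pw-x', 0]] as [$n, $p, $l]) {
    $insert->execute([$n, password_hash($p, PASSWORD_DEFAULT), $l]);
}

$session = [];
foreach ([["o'brien", 'pw-admin'], ['guest', 'wrong'], ['spam', 'pw-x']] as [$n, $p]) {
    $ok = login($db, $session, $n, $p);
    printf("%-8s %-7s level=%s\n", $n, $ok ? 'ok' : 'denied', $session['authlevel'] ?? '-');
}
```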