I think you're making it needlessly complicated. Why don't you just
select * from * FROM auth WHERE authname = '$username' AND
authpass = password('$password')
and not worry about "WHERE authlevel = 1"?
Then, if that query is successful, you can just fetch the result row
and see what 'authlevel' is for that user, and act accordingly.
miguel
On Fri, 14 Jun 2002, C�sar Aracena wrote:
> I�m trying to make a somehow �advanced� user authentication system fro
> my own web site. What I�m using as a model example, is the
> authentication system explained by Luke Welling & Laura Thomson in their
> book �PHP and MySQL Web Development�. In the book, they explain how to
> make apparently a perfect user authentication system, but only for one
> level users. I would like to change that somehow in order to make my
> scripts recognize whether the user is an Administrator or a Common User,
> identified by a �authlevel� field in my DB (1 for Admin � 2 for Users).
>
> I�m making all my web sites, by using an �include� schema, so the user
> is authenticated only in the Header (included in all the pages).
>
> What I have so far is:
>
> <?
>
> // this is where the original script begin
>
> session_start();
>
> if ($userid && $password)
> {
> $db_conn = mysql_connect("localhost", "user", "password");
> mysql_select_db("dbname", $db_conn);
> $query = "SELECT * FROM auth WHERE authname = '$username' AND
> authpass = password('$password') AND authlevel = 1";
> $result = mysql_query($query, $db_conn);
> if (mysql_num_rows($result) > 0)
> {
> $valid_user = $userid;
> session_register("valid_admin");
> }
>
> // this is what I tried to add
>
> else if (mysql_num_rows($result) >= 0)
> {
> $query1 = "SELECT * FROM auth WHERE authname =
> '$username' AND authpass = password('$password') AND authlevel = 0";
> $result1 = mysql_query($query1, $db_conn);
> if (musql_num_rows($result1) > 0)
> {
> $valid_user = $userid;
> session_register("valid_user");
> }
> }
> }
> ?>
>
> It works great when used in it�s original state, but does no good to
> what I�m trying to do here. Also, I�m willing to learn from this so I
> don�t want to rush and get it already done out there ;-)
>
> By the way, before you ask, I use MySQL and PHP 4 under a Apache
> emulator (PHPTriad) running under WinXP (and damn, it works good and
> smooth).
>
> Hope to get some knowledge from you guys and gals,
>
> Cesar Aracena <mailto:[EMAIL PROTECTED]>
> CE / MCSE+I
> Neuquen, Argentina
> +54.299.6356688
> +54.299.4466621
>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
