Auth. Script

Daggeth

Im creating an authorization script and all is done except one thing.

My users have different access levels. 1, 2 and 3. Level 1 only has the privalge to see. 2 has the privalge to Add, and 3 has the privalge to See, Add and Delete but I have ran into a problem that I expected..

"SELECT * FROM $userstable WHERE Username='$PHP_AUTH_USER' and Password='$PHP_AUTH_PW' and ItemLevel='2'";

I am using this query? to confirm if someone has the clearance of Level 2. It works. But when someone inserts a password who has Level 3 Clearance, it should also allow him to pass through.

How do I do that?

bj_

How are the items stored? How does it relate to the user table?

From the way things look you could just modify your query to:
"SELECT * FROM $userstable
WHERE
Username='$PHP_AUTH_USER'
and Password='$PHP_AUTH_PW'
and ItemLevel='2'
or ItemLevel='3'";

Daggeth

I havent tried what you said but I thought of it. Maybe I should have tried before I posted.. Im gonna go do it now.. but

"SELECT * FROM $userstable
WHERE
Username='$PHP_AUTH_USER'
and Password='$PHP_AUTH_PW'
and ItemLevel='2'
or ItemLevel='3'";

I thought this would tell the query to Select from usertable where username is php_auth_user and password is php_auth_pw and level is 2 OR level is 3..

In other words either username, pw and level 2 have to be correct or just the level 3..

Ill go test it.. see waht happens

bj_

if should look like this
"SELECT * FROM $userstable
WHERE
Username='$PHP_AUTH_USER'
and Password='$PHP_AUTH_PW'
and
( ItemLevel='2' or ItemLevel='3' )";

or you could use the >= operator

"SELECT * FROM $userstable
WHERE
Username='$PHP_AUTH_USER'
and Password='$PHP_AUTH_PW'
and ItemLevel>='2'";

Daggeth

I was about to use paraenthesis myself! cuz it seemed like the logical thing to do...

Why the hell didnt I think of the boolean operator?...

Thanks man!