Zork67/gist:71951e1f2087be8ecf25

## gistfile1.txt
public function auth($login, $passwors) {
   $query = pg_query("SELECT password,role FROM subsbl.user WHERE login='$login' ") or die('Ошибка запроса: ' . pg_last_error());
   $result = pg_fetch_assoc($query);
   //var_dump($result);
   if($result['password'] == md5(md5($passwors))) {
 		$_SESSION["is_auth"] = true; //Делаем пользователя авторизованным
 		$_SESSION["login"] = $login; //Записываем в сессию логин пользователя

    $query2 = pg_query("SELECT permissions FROM subsbl.roles WHERE id='$result[role]' ") or die('Ошибка запроса: ' . pg_last_error());
    $result2 = pg_fetch_assoc($query2);

    $permissions = $result2['permissions'];

  if(strpos($permissions, ',') !== false)
    $permissions2 = explode(',', $permissions);
  else
  {
    $permissions2 = array();
    $permissions2[] = $permissions;
  }

  $sql = 'SELECT operations FROM subsbl.permissions WHERE ';
  $sql2 = '';

  foreach($permissions2 as $permission)
    $sql2 .= ($sql2 == '' ? '' : ' OR ') . 'id = ' . $permission;

    $query3 = pg_query($sql.$sql2) or die('Ошибка запроса: ' . pg_last_error());
    $result3 = pg_fetch_all($query3);

    $permitted_operations = array();

    foreach($result3 as $perm_operations)
    {
      if(strpos($perm_operations['operations'], ',') !== false)
        $po = explode(',', $perm_operations['operations']);
      else
      {
        $po = array();
        $po[] = $perm_operations['operations'];
      }

      foreach($po as $operation)
        $permitted_operations[] = $operation;
    }

    $_SESSION['permissions'] = $permitted_operations;

             	return true;
         }
         else { //Логин и пароль не подошел
             $_SESSION["is_auth"] = false;
             return false;
         }
     }
	public function auth($login, $passwors) {
	$query = pg_query("SELECT password,role FROM subsbl.user WHERE login='$login' ") or die('Ошибка запроса: ' . pg_last_error());
	$result = pg_fetch_assoc($query);
	//var_dump($result);
	if($result['password'] == md5(md5($passwors))) {
	$_SESSION["is_auth"] = true; //Делаем пользователя авторизованным
	$_SESSION["login"] = $login; //Записываем в сессию логин пользователя

	$query2 = pg_query("SELECT permissions FROM subsbl.roles WHERE id='$result[role]' ") or die('Ошибка запроса: ' . pg_last_error());
	$result2 = pg_fetch_assoc($query2);

	$permissions = $result2['permissions'];

	if(strpos($permissions, ',') !== false)
	$permissions2 = explode(',', $permissions);
	else
	{
	$permissions2 = array();
	$permissions2[] = $permissions;
	}

	$sql = 'SELECT operations FROM subsbl.permissions WHERE ';
	$sql2 = '';

	foreach($permissions2 as $permission)
	$sql2 .= ($sql2 == '' ? '' : ' OR ') . 'id = ' . $permission;

	$query3 = pg_query($sql.$sql2) or die('Ошибка запроса: ' . pg_last_error());
	$result3 = pg_fetch_all($query3);

	$permitted_operations = array();

	foreach($result3 as $perm_operations)
	{
	if(strpos($perm_operations['operations'], ',') !== false)
	$po = explode(',', $perm_operations['operations']);
	else
	{
	$po = array();
	$po[] = $perm_operations['operations'];
	}

	foreach($po as $operation)
	$permitted_operations[] = $operation;
	}

	$_SESSION['permissions'] = $permitted_operations;

	return true;
	}
	else { //Логин и пароль не подошел
	$_SESSION["is_auth"] = false;
	return false;
	}
	}