gistfile1.txt

public function auth($login, $passwors) {
   $query = pg_query("SELECT password,role FROM subsbl.user WHERE login='$login' ") or die('Ошибка запроса: ' . pg_last_error());
   $result = pg_fetch_assoc($query);
   //var_dump($result);
   if($result['password'] == md5(md5($passwors))) {
 		$_SESSION["is_auth"] = true; //Делаем пользователя авторизованным
 		$_SESSION["login"] = $login; //Записываем в сессию логин пользователя

    $query2 = pg_query("SELECT permissions FROM subsbl.roles WHERE id='$result[role]' ") or die('Ошибка запроса: ' . pg_last_error());
    $result2 = pg_fetch_assoc($query2);

    $permissions = $result2['permissions'];

  if(strpos($permissions, ',') !== false)
    $permissions2 = explode(',', $permissions);
  else
  {
    $permissions2 = array();
    $permissions2[] = $permissions;
  }

  $sql = 'SELECT operations FROM subsbl.permissions WHERE ';
  $sql2 = '';

  foreach($permissions2 as $permission)
    $sql2 .= ($sql2 == '' ? '' : ' OR ') . 'id = ' . $permission;

    $query3 = pg_query($sql.$sql2) or die('Ошибка запроса: ' . pg_last_error());
    $result3 = pg_fetch_all($query3);

    $permitted_operations = array();

    foreach($result3 as $perm_operations)
    {
      if(strpos($perm_operations['operations'], ',') !== false)
        $po = explode(',', $perm_operations['operations']);
      else
      {
        $po = array();
        $po[] = $perm_operations['operations'];
      }

      foreach($po as $operation)
        $permitted_operations[] = $operation;
    }

    $_SESSION['permissions'] = $permitted_operations;

             	return true;
         }
         else { //Логин и пароль не подошел
             $_SESSION["is_auth"] = false;
             return false;
         }
     }