php whitelist for admin and member

Posted: Tue Jan 19, 2016 7:19 am
by maichel
Hello,

I have made an administration system in PHP. I have two different accounts: admin and member. With the admin account you can edit data, and with the member account you cannot.
But I have a whitelist for this. The admin and users can look at different pages.
But this doesn't work. I place an include of the whitelist page above the doctype on every page (except index.php).
I have index.php (the login page, which works), and the code below is on the pages after index.php, so admin.php and member.php. When the code below runs, you see a white screen with nothing on it and no errors.

Can someone help me? What is wrong with the code?
Thanks in advance.

Code:

session_start();

//$a_username =  ($_POST ['username']);
//$a_password =  ($_POST ['password']);
$_SESSION['username'] = $a_username;
$_SESSION['password'] = $a_password;
    $sqli = "SELECT * FROM users WHERE username='$a_username' AND password='$a_password' ";

    $numrows = mysqli_query($link, $sqli)    or    die(mysqli_error());
    
    //Define from form text fields
        //$username = 'username';
       $password = 'password';
//this is admin login
if($a_username == "admin" && $a_password = md5( $_POST ['password'])){
    $whitelist = array("/folder/admin.php", "/folder/edit1.php", "/folder/edit2.php", "/folder/edit3.php", "/folder/edit4.php");  
    $ip = $_SERVER['SCRIPT_NAME'];
//var_dump($ip);
    if(in_array($ip, $whitelist)) {
    //echo "You can access the whitelist page!";
    } else {
    session_destroy ();
    header("Location: index.php");die();
    }
}//this is member log in
else {
    $whitelist2 = array("/folder/member.php", "/folder/member2.php", "/folder/member3.php", "/folder/member4.php", "/folder/member5.php");   
    $ip2 = $_SERVER['SCRIPT_NAME'];
//var_dump($ip);
    if (in_array($ip2, $whitelist2)) {
    //echo "You can access the whitelist page!";
    } else {
    session_destroy ();
    header("Location: index.php");die();
    }
}
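
An added example, not part of the original post: one way to write the include so that the role comes from the session rather than from $_POST and a new query on every protected page, with unknown roles denied by default. It assumes index.php stored a hypothetical $_SESSION['role'] ('admin' or 'member') after verifying the password; guard.php, PAGE_WHITELIST, page_allowed and enforce_whitelist are names chosen for this example.

```php
<?php
// guard.php: include at the very top of every protected page (added example).

// Role => pages that role may open. The paths are the ones listed in the post.
const PAGE_WHITELIST = [
    'admin'  => ['/folder/admin.php', '/folder/edit1.php', '/folder/edit2.php',
                 '/folder/edit3.php', '/folder/edit4.php'],
    'member' => ['/folder/member.php', '/folder/member2.php', '/folder/member3.php',
                 '/folder/member4.php', '/folder/member5.php'],
];

// Pure decision function: a missing or unknown role is always denied.
function page_allowed($role, string $script, array $map = PAGE_WHITELIST): bool
{
    if (!is_string($role) || !isset($map[$role])) {
        return false;
    }
    return in_array($script, $map[$role], true); // strict comparison
}

// Runs before any output, so the redirect header can still be sent.
function enforce_whitelist(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Assumption: the login page set this after checking the credentials.
    $role = $_SESSION['role'] ?? null;
    if (!page_allowed($role, $_SERVER['SCRIPT_NAME'])) {
        $_SESSION = [];
        session_destroy();
        header('Location: index.php');
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs so the file can be checked offline: php guard.php
    var_dump(page_allowed('admin', '/folder/edit2.php'));   // admin on an admin page
    var_dump(page_allowed('member', '/folder/admin.php'));  // member on an admin page
    var_dump(page_allowed(null, '/folder/member.php'));     // no login at all
} else {
    enforce_whitelist();
}
```

While debugging a blank page like the one described, turning on error_reporting(E_ALL) and display_errors on a development machine shows the notice or fatal error that is otherwise hidden.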